Software Deployment Tools (T1072)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Software Deployment Tools

Associated Tactics

  • Execution
  • Lateral Movement

Execution (TA0002)

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

View on ATT&CK

Procedure Examples

Description Source(s)
ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved May 15, 2023. Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
Andy Robbins. (2020, August 17). Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023. SpecterOps Lateral Movement from Azure to On-Prem AD 2020
Ariel Szarf, Or Aspir. (n.d.). Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan. Retrieved January 31, 2024. Mitiga Security Advisory: SSM Agent as Remote Access Trojan