Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ATTACK
  3. >Resource Development
  4. >ATTACK-T1587
ATTACK-T1587Active

Develop Capabilities

Statement

Adversaries may build capabilities that can be used during targeting. Rather than purchasing, freely downloading, or stealing capabilities, adversaries may develop their own capabilities in-house. This is the process of identifying development requirements and building solutions such as malware, exploits, and self-signed certificates. Adversaries may develop capabilities to support their operations throughout numerous phases of the adversary lifecycle.(Citation: Mandiant APT1)(Citation: Kaspersky Sofacy)(Citation: Bitdefender StrongPity June 2020)(Citation: Talos Promethium June 2020)

As with legitimate development efforts, different skill sets may be required for developing capabilities. The skills needed may be located in-house, or may need to be contracted out. Use of a contractor may be considered an extension of that adversary's development capabilities, provided the adversary plays a role in shaping requirements and maintains a degree of exclusivity to the capability.

Location

Tactic
Resource Development

Technique Details

Identifier
ATTACK-T1587
ATT&CK Page
View on MITRE

Tactics

Resource Development

Platforms

PRE

Detection

Detection of Develop Capabilities

Mitigations

Pre-compromise: Pre-compromise mitigations involve proactive measures and defenses implemented to prevent adversaries from successfully identifying and exploiting weaknesses during the Reconnaissance and Resource Development phases of an attack. These activities focus on reducing an organization's attack surface, identify adversarial preparation efforts, and increase the difficulty for attackers to conduct successful operations. This mitigation can be implemented through the following measures:

Limit Information Exposure:

  • Regularly audit and sanitize publicly available data, including job posts, websites, and social media.
  • Use tools like OSINT monitoring platforms (e.g., SpiderFoot, Recon-ng) to identify leaked information.

Protect Domain and DNS Infrastructure:

  • Enable DNSSEC and use WHOIS privacy protection.
  • Monitor for domain hijacking or lookalike domains using services like RiskIQ or DomainTools.

External Monitoring:

  • Use tools like Shodan, Censys to monitor your external attack surface.
  • Deploy external vulnerability scanners to proactively address weaknesses.

Threat Intelligence:

  • Leverage platforms like MISP, Recorded Future, or Anomali to track adversarial infrastructure, tools, and activity.

Content and Email Protections:

  • Use email security solutions like Proofpoint, Microsoft Defender for Office 365, or Mimecast.
  • Enforce SPF/DKIM/DMARC policies to protect against email spoofing.

Training and Awareness:

  • Educate employees on identifying phishing attempts, securing their social media, and avoiding information leaks.

No cross-framework mappings available

← Back to Resource Development
Resource Development47 controls
ATTACK-T1583Acquire InfrastructureATTACK-T1583.001DomainsATTACK-T1583.002DNS ServerATTACK-T1583.003Virtual Private ServerATTACK-T1583.004ServerATTACK-T1583.005BotnetATTACK-T1583.006Web ServicesATTACK-T1583.007ServerlessATTACK-T1583.008MalvertisingATTACK-T1584Compromise InfrastructureATTACK-T1584.001DomainsATTACK-T1584.002DNS ServerATTACK-T1584.003Virtual Private ServerATTACK-T1584.004ServerATTACK-T1584.005BotnetATTACK-T1584.006Web ServicesATTACK-T1584.007ServerlessATTACK-T1584.008Network DevicesATTACK-T1585Establish AccountsATTACK-T1585.001Social Media AccountsATTACK-T1585.002Email AccountsATTACK-T1585.003Cloud AccountsATTACK-T1586Compromise AccountsATTACK-T1586.001Social Media AccountsATTACK-T1586.002Email AccountsATTACK-T1586.003Cloud AccountsATTACK-T1587Develop CapabilitiesATTACK-T1587.001MalwareATTACK-T1587.002Code Signing CertificatesATTACK-T1587.003Digital CertificatesATTACK-T1587.004ExploitsATTACK-T1588Obtain CapabilitiesATTACK-T1588.001MalwareATTACK-T1588.002ToolATTACK-T1588.003Code Signing CertificatesATTACK-T1588.004Digital CertificatesATTACK-T1588.005ExploitsATTACK-T1588.006VulnerabilitiesATTACK-T1588.007Artificial IntelligenceATTACK-T1608Stage CapabilitiesATTACK-T1608.001Upload MalwareATTACK-T1608.002Upload ToolATTACK-T1608.003Install Digital CertificateATTACK-T1608.004Drive-by TargetATTACK-T1608.005Link TargetATTACK-T1608.006SEO PoisoningATTACK-T1650Acquire Access