Weaponization
The main goal of this phase is to weaponize the malware that will be delivered to the target system. The malware could be a simple Meterpreter payload, an Empire agent, a Koadic stager, or a complex custom-coded program. The type of malware depends on the adversary's skill level. A highly skilled adversary will mostly use custom-coded malware to avoid detection. Even adversaries who use Meterpreter as their weaponized malware (a downloader embedded in a Microsoft Office document macro that downloads the Meterpreter payload and injects it into memory) still need to obfuscate, encode, and encrypt the payload to bypass both general and the latest protection mechanisms. For organizations that have no back office, USB-embedded malware is used to infect the systems of the employees working there.