| ID | Name |
|---|---|
| ATAGS-T1020.001 | Drive-by Target |
| ATAGS-T1020.002 | Identify/Select Delivery Mechanism |
| ATAGS-T1020.003 | Install Digital Certificate |
| ATAGS-T1020.004 | Link Target |
| ATAGS-T1020.005 | SEO Poisoning |
| ATAGS-T1020.006 | Upload Exploit/Payload |
| ATAGS-T1020.007 | Upload Malware |
| ATAGS-T1020.008 | Upload Tool |
Threat actors may upload exploits and payloads to a third-party infrastructure that they have purchased or rented or stage it on an otherwise compromised ground station. Exploits and payloads would include files and commands to be uploaded to the victim groundstation in order to conduct the threat actor's attack.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.