TA004 Execution · T004.003 — Technique
Malicious Code Deployment
Installation and execution of malicious software on the drone's onboard computer, companion processor, or GCS host.
Sub-techniques (4)
- Ransomware targeting mission data
- Wiper payload targeting flight logs
- Rootkit on companion computer
- Bootkit for persistent control
Applicable countermeasures
CM-001 Encrypted and Authenticated C2 Link
All C2 communications between GCS and drone must use mutual-authentication encryption (AES-256 minimum) with replay protection.
NIST SP 800-53 SC-8 · DO-326A Sec 6.2 · EUROCAE ED-202A · STANAG 4586
CM-006 Onboard Behavioral Anomaly Detection
Real-time monitoring of flight control inputs, sensor streams, and communication patterns for spoofing, injection, or hijacking indicators.
NIST SP 800-53 SI-4 · DO-178C · IEC 62443-3-3 SR 6.1 · MITRE ATT&CK for ICS
CM-011 Tamper-Resistant Geofencing
Open in the interactive matrix
Cryptographically signed geofence zone definitions with hardware-enforced boundaries that cannot be overridden by software command.
EU Reg. 2019/945 · FAA Part 107 · ASTM F3322 · NIST SP 800-53 SI-10