CAPEC-529

Malware-Directed Internal Reconnaissance
Moyen
Moyen
Stable
2014-06-23
00h00 +00:00
2020-07-30
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.

Informations du CAPEC

Conditions préalables

The adversary must have internal, logical access to the target network and system.

Compétences requises

The adversary must be able to obtain or develop, as well as place malicious software inside the target network/system.

Ressources nécessaires

The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.

Atténuations

Keep patches up to date by installing weekly or daily if possible.
Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Mitigations