Byte Open Security (ByteOS Network)
CAPEC-542: Targeted Malware
Attack Pattern ID: 542
Version: v3.9
Attack Pattern Name: Targeted Malware
Abstraction: Standard
Status: Draft
Likelihood of Attack:
Typical Severity:
▼Description
An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature      Type      ID   Name
ChildOf     Meta      549  Local Execution of Code
ParentOf    Detailed  550  Install New Service
ParentOf    Detailed  551  Modify Existing Service
ParentOf    Detailed  552  Install Rootkit
ParentOf    Detailed  556  Replace File Extension Handlers
ParentOf    Detailed  558  Replace Trusted Executable
ParentOf    Detailed  564  Run Software at Logon
ParentOf    Detailed  579  Replace Winlogon Helper DLL
ParentOf    Detailed  698  Install Malicious Extension
CanFollow   Detailed  475  Signature Spoofing by Improper Validation
CanPrecede  Standard  662  Adversary in the Browser (AiTB)
▼Execution Flow
▼Prerequisites
▼Skills Required
▼Resources Required
▼Indicators
Software running on a system matches a file signature (for example a hash or byte pattern) held in a malware database.
A suspicious module is loaded that is not normally loaded on that system.
Software on a system calls GetProcAddress(), a function commonly used to implement dynamic API resolution, that is, resolving imports at run time so that they do not appear in the binary's import table.
▼Consequences
Scope  Likelihood  Impact  Note
▼Mitigations
▼Example Instances
▼Related Weaknesses
ID  Name
▼Taxonomy Mappings
Taxonomy Name  Entry ID  Entry Name
ATTACK         1587.001  Develop Capabilities: Malware
ATTACK         1027      Obfuscated Files or Information
▼Notes
Other
Adversaries often apply obfuscation techniques when developing malware, either to avoid detection or to prevent the target from reverse engineering and understanding a captured sample. These techniques include, but are not limited to, binary padding, software packing, stripping symbols and strings from a payload, and dynamic API resolution.
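The indicators listed under Indicators and the obfuscation techniques in this note can be checked statically with a small triage script. The following is an added example written for this page; it is not code from CAPEC, MITRE or ByteOS. It scans raw bytes rather than parsing a PE, and the samples, the stand-in signature database and every threshold (entropy 7.2 bits/byte, 2 strings per KB, a 4096-byte zero run) are constructed assumptions to be tuned against a real corpus.

```python
"""Static triage for the CAPEC-542 indicators: signature match, packing,
padding, stripped strings and dynamic API resolution.
Added example; all samples, hashes and thresholds are constructed assumptions."""
import hashlib
import math
import re
from collections import Counter

# Constructed stand-in for a malware signature database (sha256 digests).
# Filled in below from one of the constructed samples so the match path runs.
KNOWN_BAD_SHA256: set = set()

# Imports that typically appear when a payload resolves APIs at run time.
WIN_API_RESOLVERS = (b"GetProcAddress", b"LoadLibraryA", b"LoadLibraryW",
                     b"LdrGetProcedureAddress")

# Assumed thresholds; tune against a corpus of known-good binaries.
PACKED_ENTROPY = 7.2      # bits per byte
MIN_STRINGS_PER_KB = 2.0  # below this the binary looks stripped
PAD_RUN = 4096            # consecutive 0x00 bytes treated as padding


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_strings(data: bytes, min_len: int = 8) -> list:
    """Runs of printable ASCII at least min_len long (what `strings` would show)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def longest_zero_run(data: bytes) -> int:
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == 0 else 0
        best = max(best, cur)
    return best


def triage(sample: bytes) -> dict:
    """Map each indicator to a bool and keep the measurements behind it."""
    digest = hashlib.sha256(sample).hexdigest()
    entropy = shannon_entropy(sample)
    strings = printable_strings(sample)
    per_kb = len(strings) / (len(sample) / 1024)
    zero_run = longest_zero_run(sample)
    resolvers = [api.decode() for api in WIN_API_RESOLVERS if api in sample]
    return {
        "sha256": digest,
        "signature_match": digest in KNOWN_BAD_SHA256,
        "likely_packed": entropy > PACKED_ENTROPY,
        "stripped_strings": per_kb < MIN_STRINGS_PER_KB,
        "padded": zero_run >= PAD_RUN,
        "dynamic_api_resolution": bool(resolvers),
        "entropy": round(entropy, 2),
        "strings_per_kb": round(per_kb, 2),
        "longest_zero_run": zero_run,
        "api_resolvers": resolvers,
    }


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy stream (sha256 chaining); stands in for a packed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples, not real binaries. BENIGN mimics a plain tool whose
# imports and messages are visible in clear text.
BENIGN = (b"MZ" + b"This program cannot be run in DOS mode.\r\n\0"
          + b"KERNEL32.dll\0CreateFileW\0WriteFile\0CloseHandle\0"
          + b"Hello from a normal, unobfuscated tool.\0" * 20)
PACKED = b"MZ" + pseudo_random_bytes(b"seed", 8192)        # packed: near-random, no strings
PADDED = BENIGN + b"\0" * 8192                             # binary padding
PACKED_PADDED = PACKED + b"\0" * 8192                      # packing hidden behind padding
RESOLVER = BENIGN + b"\0LoadLibraryA\0GetProcAddress\0"    # run-time API resolution imports

KNOWN_BAD_SHA256.add(hashlib.sha256(PACKED).hexdigest())

FLAGS = ("signature_match", "likely_packed", "stripped_strings", "padded",
         "dynamic_api_resolution")

if __name__ == "__main__":
    for name, s in (("benign", BENIGN), ("packed", PACKED), ("padded", PADDED),
                    ("packed+padded", PACKED_PADDED), ("resolver", RESOLVER)):
        r = triage(s)
        print(f"{name:14s} entropy={r['entropy']:5.2f} strings/KB={r['strings_per_kb']:6.2f} "
              f"flags={[f for f in FLAGS if r[f]] or ['none']}")
```

The packed+padded sample is the instructive case: appending a large zero pad drags whole-file entropy well below the packing threshold, so an entropy-only heuristic misses it, while the padding and stripped-strings checks still fire. That is why real tooling measures entropy per PE section rather than per file and why these indicators are scored together. The GetProcAddress() indicator on its own is noisy, since plenty of legitimate software resolves APIs at run time; treat it as a correlating signal, not a verdict.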
▼References