Byte Open Security

CAPEC-549: Local Execution of Code
Attack Pattern ID: 549
Version: v3.9
Attack Pattern Name: Local Execution of Code
Abstraction: Meta
Status: Stable
Likelihood of Attack: Medium
Typical Severity: High
▼Description
An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomware, spyware, adware, and others.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature: ParentOf
Type: Standard
ID: 542
Name: Targeted Malware
Nature: CanFollow
Type: Detailed
ID: 561
Name: Windows Admin Shares with Stolen Credentials
Nature: CanFollow
Type: Detailed
ID: 644
Name: Use of Captured Hashes (Pass The Hash)
▼Execution Flow
▼Prerequisites
Knowledge of the target system's vulnerabilities that can be capitalized on with malicious code.
The adversary must be able to place the malicious code on the target system.
▼Skills Required
▼Resources Required
The means by which the adversary intends to place the malicious code on the system dictates the tools required. For example, suppose the adversary wishes to leverage social engineering and convince a legitimate user to open a malicious file attached to a seemingly legitimate email. In this case, the adversary might require a tool capable of wrapping malicious code into an innocuous filetype (e.g., PDF, .doc).
▼Indicators
▼Consequences
Scope: Confidentiality, Integrity, Availability
Likelihood: N/A
Impact: Execute Unauthorized Commands
Note: Run Arbitrary Code
Scope: Confidentiality, Integrity, Availability
Likelihood: N/A
Impact: Other
Note: Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely.
▼Mitigations
Employ robust cybersecurity training for all employees.
Implement system antivirus software that scans all attachments before opening them.
Regularly patch all software.
Execute all suspicious files in a sandbox environment.
▼Example Instances
▼Related Weaknesses
ID: CWE-829
Name: Inclusion of Functionality from Untrusted Control Sphere
▼Taxonomy Mappings
▼Notes
▼References