
CAPEC-186: Malicious Software Update

Abstraction: Standard
Status: Draft
Severity: High

Description

An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary-controlled source. Metadata: standard CAPEC pattern, status draft, severity high. Underlying weakness: CWE-494. Mapped ATT&CK technique: T1195.002. Related CAPEC patterns: CAPEC-184, CAPEC-98.

Related weaknesses · 1

CWE-494

MITRE ATT&CK crosswalk · 1

T1195.002: Supply Chain Compromise: Compromise Software Supply Chain

Related attack patterns · 2

CAPEC-184 (ChildOf)
CAPEC-98 (CanFollow)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Download of Code Without Integrity Check (cwe-494) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Compromise Software Supply Chain (t1195.002) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Malicious Software Download
CAPEC: Malicious Automated Software Update via Redirection
CAPEC: Malicious Manual Software Update
CAPEC: Malicious Automated Software Update via Spoofing
CAPEC: Alteration of a Software Update
CAPEC: Software Integrity Attack

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.