Standardlikelihood: Mediumseverity: HighStable

CAPEC-442Infected Software

Abstraction
Standard
Status
Stable
Likelihood
Medium
Severity
High

Description

An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.

Related weaknesses· 1

CWE-506

MITRE ATT&CK crosswalk· 2

T1195.001: Supply Chain Compromise: Compromise Software Dependencies and Development ToolsT1195.002: Supply Chain Compromise: Compromise Software Supply Chain

Related attack patterns· 1

CAPEC-441 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessEmbedded Malicious Codecwe-506100%live

Related to2

TypeTargetConfidenceTier
SubTechniqueCompromise Software Supply Chaint1195.002100%live
SubTechniqueCompromise Software Dependencies and Development Toolst1195.001100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Infected Hardware
CAPEC
Infected Memory
CAPEC
Malicious Logic Insertion
CAPEC
Malicious Software Implanted
CAPEC
Targeted Malware
CAPEC
Code Injection
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.