Detailedlikelihood: Mediumseverity: HighStable

CAPEC-443Malicious Logic Inserted Into Product by Authorized Developer

Abstraction
Detailed
Status
Stable
Likelihood
Medium
Severity
High

Description

An adversary uses their privileged position within an authorized development organization to inject malicious logic into a codebase or product. Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity high. Mapped ATT&CK techniques: [object Object], [object Object]. Related CAPEC pattern: [object Object].

MITRE ATT&CK crosswalk· 2

T1195.002: Supply Chain Compromise: Compromise Software Supply ChainT1195.003: Supply Chain Compromise: Compromise Hardware Supply Chain

Related attack patterns· 1

CAPEC-444 (ChildOf)

Related to2

TypeTargetConfidenceTier
SubTechniqueCompromise Software Supply Chaint1195.002100%live
SubTechniqueCompromise Hardware Supply Chaint1195.003100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Malicious Logic Insertion into Product Software via Configuration Management Manipulation
CAPEC
Malicious Logic Insertion into Product via Inclusion of Third-Party Component
CAPEC
Developer Signing Maliciously Altered Software
CAPEC
Development Alteration
CAPEC
ASIC With Malicious Functionality
CAPEC
Malicious Code Implanted During Chip Programming
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.