
CAPEC-552: Install Rootkit

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: High

Description

An adversary exploits a weakness in authentication to install malware that alters the functionality and information provided by targeted operating system API calls. Often referred to as a rootkit, this malware is often used to hide the presence of programs, files, network connections, services, drivers, and other system components.

Related weaknesses · 1

CWE-284

MITRE ATT&CK crosswalk · 3

T1014: Rootkit
T1542.003: Pre-OS Boot: Bootkit
T1547.006: Boot or Logon Autostart Execution: Kernel Modules and Extensions

Related attack patterns · 1

CAPEC-542 (ChildOf)

Exploits · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Access Control (cwe-284) | 100% | live |

Related to · 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Kernel Modules and Extensions (t1547.006) | 100% | live |
| SubTechnique | Bootkit (t1542.003) | 100% | live |
| Technique | Rootkit (t1014) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Install New Service
CAPEC: Infected Hardware
CAPEC: Local Execution of Code
CAPEC: Root/Jailbreak Detection Evasion via Hooking
Technique: Rootkit
CAPEC: Hijacking a privileged process
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.