
CAPEC-555: Remote Services with Stolen Credentials

Abstraction: Standard
Status: Stable
Severity: Very High

Description

This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.

Related weaknesses · 7

CWE-522
CWE-308
CWE-309
CWE-294
CWE-263
CWE-262
CWE-521

MITRE ATT&CK crosswalk · 3

T1021: Remote Services
T1114.002: Email Collection: Remote Email Collection
T1133: External Remote Services

Related attack patterns · 2

CAPEC-560 (ChildOf)
CAPEC-151 (CanPrecede)

Exploits · 7

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Password Aging with Long Expiration (cwe-263) | 100% | live |
| Weakness | Not Using Password Aging (cwe-262) | 100% | live |
| Weakness | Insufficiently Protected Credentials (cwe-522) | 100% | live |
| Weakness | Weak Password Requirements (cwe-521) | 100% | live |
| Weakness | Use of Password System for Primary Authentication (cwe-309) | 100% | live |
| Weakness | Authentication Bypass by Capture-replay (cwe-294) | 100% | live |
| Weakness | Use of Single-factor Authentication (cwe-308) | 100% | live |

Related to · 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | External Remote Services (t1133) | 100% | live |
| Technique | Remote Services (t1021) | 100% | live |
| SubTechnique | Remote Email Collection (t1114.002) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Windows Admin Shares with Stolen Credentials
CAPEC: Use of Known Domain Credentials
CAPEC: Use of Known Operating System Credentials
Technique: Remote Service Session Hijacking
CAPEC: Credential Prompt Impersonation
CAPEC: Capture Credentials via Keylogger

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.