CAPEC-558: Replace Trusted Executable

Abstraction: Detailed
Status: Stable
Likelihood: Low
Severity: High

Description

An adversary exploits weaknesses in privilege management or access control to replace a trusted executable with a malicious version and enable the execution of malware when that trusted executable is called. Metadata: detailed CAPEC pattern, status stable, likelihood low, severity high. Underlying weakness: CWE-284. Mapped ATT&CK techniques: T1505.005, T1546.008. Related CAPEC pattern: CAPEC-542.

Related weaknesses · 1

CWE-284

MITRE ATT&CK crosswalk · 2

T1505.005: Server Software Component: Terminal Services DLL
T1546.008: Event Triggered Execution: Accessibility Features

Related attack patterns · 1

CAPEC-542 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Improper Access Control (cwe-284) | 100% | live

Related to · 2

Type | Target | Confidence | Tier
SubTechnique | Terminal Services DLL (t1505.005) | 100% | live
SubTechnique | Accessibility Features (t1546.008) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Replace Binaries
CAPEC: Modification of Windows Service Configuration
CAPEC: Local Execution of Code
CAPEC: Modify Shared File
CAPEC: Modify Existing Service
CAPEC: Task Impersonation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.