cti-ATT-CK-v13.1/capec/2.1/attack-pattern/attack-pattern--0e5c8f31-5099-41ae-a6b8-f6d0434970fe.json

{
    "id": "bundle--45d9f488-0c48-4ce1-8f46-f049aca88ab6",
    "objects": [
        {
            "created": "2022-09-29T00:00:00.000Z",
            "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
            "description": "\n            <xhtml:p>An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.</xhtml:p>\n         ",
            "external_references": [
                {
                    "external_id": "CAPEC-690",
                    "source_name": "capec",
                    "url": "https://capec.mitre.org/data/definitions/690.html"
                }
            ],
            "id": "attack-pattern--0e5c8f31-5099-41ae-a6b8-f6d0434970fe",
            "modified": "2022-09-29T00:00:00.000Z",
            "name": "Metadata Spoofing",
            "object_marking_refs": [
                "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
            ],
            "spec_version": "2.1",
            "type": "attack-pattern",
            "x_capec_abstraction": "Meta",
            "x_capec_consequences": {
                "Access_Control": [
                    "Execute Unauthorized Commands"
                ],
                "Accountability": [
                    "Hide Activities"
                ],
                "Authorization": [
                    "Execute Unauthorized Commands"
                ],
                "Integrity": [
                    "Modify Data"
                ]
            },
            "x_capec_domains": [
                "Social Engineering",
                "Supply Chain",
                "Software"
            ],
            "x_capec_extended_description": "\n            <xhtml:p>One approach to this attack entails the adversary altering a maliciously modified resource's metadata in order to hide their malicious activity. Another approach involves altering the metadata of an adversary-created resource to make the source appear more credible. Adversaries may spoof a variety of metadata across a number of resources, such as the following:</xhtml:p>\n            <xhtml:ul>\n               <xhtml:li>Authors of Version Control System (VCS) repository commits</xhtml:li>\n               <xhtml:li>Open source package statistics</xhtml:li>\n               <xhtml:li>File attributes, such as when a file was last update</xhtml:li>\n            </xhtml:ul>\n            <xhtml:p>The ultimate goal of a Metadata Spoofing attack is to trick victims into believing the malicious resource being provided originates from a reputable source. However, the victim instead leverages the malicious resource, which could result in a number of negative technical impacts.</xhtml:p>\n         ",
            "x_capec_likelihood_of_attack": "Medium",
            "x_capec_parent_of_refs": [
                "attack-pattern--6ed35753-d365-4be2-a044-2fcc6e191b5a"
            ],
            "x_capec_prerequisites": [
                "Identification of a resource whose metadata is to be spoofed"
            ],
            "x_capec_skills_required": {
                "Medium": "Ability to spoof a variety of metadata to convince victims the source is trusted"
            },
            "x_capec_status": "Stable",
            "x_capec_typical_severity": "High",
            "x_capec_version": "3.9"
        }
    ],
    "type": "bundle"
}