test_scratch
/
cti-ATT-CK-v13.1
/capec
/2.1
/attack-pattern
/attack-pattern--0e5c8f31-5099-41ae-a6b8-f6d0434970fe.json
{ | |
"id": "bundle--45d9f488-0c48-4ce1-8f46-f049aca88ab6", | |
"objects": [ | |
{ | |
"created": "2022-09-29T00:00:00.000Z", | |
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", | |
"description": "\n <xhtml:p>An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.</xhtml:p>\n ", | |
"external_references": [ | |
{ | |
"external_id": "CAPEC-690", | |
"source_name": "capec", | |
"url": "https://capec.mitre.org/data/definitions/690.html" | |
} | |
], | |
"id": "attack-pattern--0e5c8f31-5099-41ae-a6b8-f6d0434970fe", | |
"modified": "2022-09-29T00:00:00.000Z", | |
"name": "Metadata Spoofing", | |
"object_marking_refs": [ | |
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" | |
], | |
"spec_version": "2.1", | |
"type": "attack-pattern", | |
"x_capec_abstraction": "Meta", | |
"x_capec_consequences": { | |
"Access_Control": [ | |
"Execute Unauthorized Commands" | |
], | |
"Accountability": [ | |
"Hide Activities" | |
], | |
"Authorization": [ | |
"Execute Unauthorized Commands" | |
], | |
"Integrity": [ | |
"Modify Data" | |
] | |
}, | |
"x_capec_domains": [ | |
"Social Engineering", | |
"Supply Chain", | |
"Software" | |
], | |
"x_capec_extended_description": "\n <xhtml:p>One approach to this attack entails the adversary altering a maliciously modified resource's metadata in order to hide their malicious activity. Another approach involves altering the metadata of an adversary-created resource to make the source appear more credible. Adversaries may spoof a variety of metadata across a number of resources, such as the following:</xhtml:p>\n <xhtml:ul>\n <xhtml:li>Authors of Version Control System (VCS) repository commits</xhtml:li>\n <xhtml:li>Open source package statistics</xhtml:li>\n <xhtml:li>File attributes, such as when a file was last update</xhtml:li>\n </xhtml:ul>\n <xhtml:p>The ultimate goal of a Metadata Spoofing attack is to trick victims into believing the malicious resource being provided originates from a reputable source. However, the victim instead leverages the malicious resource, which could result in a number of negative technical impacts.</xhtml:p>\n ", | |
"x_capec_likelihood_of_attack": "Medium", | |
"x_capec_parent_of_refs": [ | |
"attack-pattern--6ed35753-d365-4be2-a044-2fcc6e191b5a" | |
], | |
"x_capec_prerequisites": [ | |
"Identification of a resource whose metadata is to be spoofed" | |
], | |
"x_capec_skills_required": { | |
"Medium": "Ability to spoof a variety of metadata to convince victims the source is trusted" | |
}, | |
"x_capec_status": "Stable", | |
"x_capec_typical_severity": "High", | |
"x_capec_version": "3.9" | |
} | |
], | |
"type": "bundle" | |
} |