{
    "id": "bundle--8eb54728-98d7-47c9-b501-cd2f38a65bc7",
    "objects": [
        {
            "created": "2021-06-24T00:00:00.000Z",
            "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
            "description": "An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.",
            "external_references": [
                {
                    "external_id": "CAPEC-670",
                    "source_name": "capec",
                    "url": "https://capec.mitre.org/data/definitions/670.html"
                },
                {
                    "description": "Trusted Developer Utilities Proxy Execution",
                    "external_id": "T1127",
                    "source_name": "ATTACK",
                    "url": "https://attack.mitre.org/wiki/Technique/T1127"
                },
                {
                    "description": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools",
                    "external_id": "T1195.001",
                    "source_name": "ATTACK",
                    "url": "https://attack.mitre.org/wiki/Technique/T1195/001"
                },
                {
                    "description": "Melinda Reed, John F. Miller, Paul Popick, Supply Chain Attack Patterns: Framework and Catalog, 2014--08, Office of the Assistant Secretary of Defense for Research and Engineering",
                    "external_id": "REF-660",
                    "source_name": "reference_from_CAPEC",
                    "url": "https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html"
                },
                {
                    "description": "John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation",
                    "external_id": "REF-439",
                    "source_name": "reference_from_CAPEC",
                    "url": "http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf"
                },
                {
                    "description": "Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor, 2020--12---13, Schneier on Security",
                    "external_id": "REF-667",
                    "source_name": "reference_from_CAPEC",
                    "url": "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
                }
            ],
            "id": "attack-pattern--14ed805a-65a4-45c2-8e4e-626f22226465",
            "modified": "2022-09-29T00:00:00.000Z",
            "name": "Software Development Tools Maliciously Altered",
            "object_marking_refs": [
                "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
            ],
            "spec_version": "2.1",
            "type": "attack-pattern",
            "x_capec_abstraction": "Detailed",
            "x_capec_can_precede_refs": [
                "attack-pattern--69b5d398-114d-437d-a8db-06f1382012b7"
            ],
            "x_capec_child_of_refs": [
                "attack-pattern--efb74200-657d-438c-aaff-bbd9644dd72d"
            ],
            "x_capec_consequences": {
                "Access_Control": [
                    "Gain Privileges"
                ],
                "Confidentiality": [
                    "Modify Data",
                    "Read Data"
                ],
                "Integrity": [
                    "Execute Unauthorized Commands"
                ]
            },
            "x_capec_domains": [
                "Supply Chain",
                "Software"
            ],
            "x_capec_example_instances": [
                "An adversary with access to software build tools inside an Integrated Development Environment IDE alters a script used for downloading dependencies from a dependent code repository where the script has been changed to include malicious code implanted in the repository by the adversary."
            ],
            "x_capec_likelihood_of_attack": "Low",
            "x_capec_prerequisites": [
                "An adversary would need to have access to a targeted developer’s development environment and in particular to tools used to design, create, test and manage software, where the adversary could ensure malicious code is included in software packages built through alteration or substitution of tools in the environment used in the development of software."
            ],
            "x_capec_skills_required": {
                "High": "Ability to leverage common delivery mechanisms (e.g., email attachments, removable media) to infiltrate a development environment to gain access to software development tools for the purpose of malware insertion into an existing tool or replacement of an existing tool with a maliciously altered copy."
            },
            "x_capec_status": "Draft",
            "x_capec_typical_severity": "High",
            "x_capec_version": "3.9"
        }
    ],
    "type": "bundle"
}