CAPEC-529

Standard Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Medium Severity: Medium
Malware-Directed Internal Reconnaissance

Description

Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.

Prerequisites

The adversary must have internal, logical access to the target network and system.

Mitigations

Keep patches up to date by installing weekly or daily if possible.

Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.

Skills Required

[Medium] The adversary must be able to obtain or develop, as well as place malicious software inside the target network/system.