CAPEC-529: Malware-Directed Internal Reconnaissance
Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.
Last updated
Overview
CAPEC-529 (Malware-Directed Internal Reconnaissance) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have internal, logical access to the target network and system.
Skills required
- Medium skill: The adversary must be able to obtain or develop, as well as place malicious software inside the target network/system.
Resources required
- The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.
Consequences
What a successful CAPEC-529 attack can achieve.
Read Data
Affects: Confidentiality
How to mitigate it
Defenses that reduce the risk of CAPEC-529.
- Keep patches up to date by installing weekly or daily if possible.
- Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
Frequently asked questions
Common questions about CAPEC-529.
- What is CAPEC-529?
- Adversary uses malware or a similarly controlled application installed inside an organizational perimeter to gather information about the composition, configuration, and security mechanisms of a targeted application, system or network.
- How do you prevent CAPEC-529?
- Keep patches up to date by installing weekly or daily if possible.
- How severe is CAPEC-529?
- MITRE rates CAPEC-529 as Medium severity with medium likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-529
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.