| Name |
Install Rootkit |
|
| Likelyhood of attack |
Typical severity |
| Medium |
High |
|
| Summary |
An adversary exploits a weakness in authentication to install malware that alters the functionality and information provide by targeted operating system API calls. Often referred to as rootkits, it is often used to hide the presence of programs, files, network connections, services, drivers, and other system components. |
| Prerequisites |
|
| Solutions | Prevent adversary access to privileged accounts necessary to install rootkits. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-284 |
Improper Access Control |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-542 |
An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1014 |
Rootkit |
| 1542.003 |
Pre-OS Boot:Bootkit |
| 1547.006 |
Boot or Logon Autostart Execution:Kernel Modules and Extensions |
|