Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
Add Threat
Tags:
661 threats — page 14 of 14
| Name | Category | Tags | Description | |
|---|---|---|---|---|
| Obtain Capabilities: Tool | Resource Development | Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can … | Edit | |
| Obtain Capabilities: Vulnerabilities | Resource Development | Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulne… | Edit | |
| Stage Capabilities | Resource Development | Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting.… | Edit | |
| Stage Capabilities: Drive-by Target | Resource Development | Adversaries may prepare an operational environment to infect systems that visit a website over the n… | Edit | |
| Stage Capabilities: Install Digital Certificate | Resource Development | Adversaries may install SSL/TLS certificates that can be used during targeting. SSL/TLS certificates… | Edit | |
| Stage Capabilities: Link Target | Resource Development | Adversaries may put in place resources that are referenced by a link that can be used during targeti… | Edit | |
| Stage Capabilities: SEO Poisoning | Resource Development | Adversaries may poison mechanisms that influence search engine optimization (SEO) to further lure st… | Edit | |
| Stage Capabilities: Upload Malware | Resource Development | Adversaries may upload malware to third-party or adversary controlled infrastructure to make it acce… | Edit | |
| Stage Capabilities: Upload Tool | Resource Development | Adversaries may upload tools to third-party or adversary controlled infrastructure to make it access… | Edit | |
| Phishing Attack on ERP Users | Social Engineering | Targeted phishing email tricks an ERP user into revealing credentials or executing a malicious attac… | Edit | |
| Exploitation of Unpatched ERP Vulnerability | Software Vulnerability | Attacker exploits a known, unpatched CVE in the ERP application or its underlying middleware to gain… | Edit |