CAPEC-694: System Location Discovery

Description
<p>An adversary collects information about the target system in an attempt to identify the system's geographical location.<p><p>Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.<p>
Extended Description

Many open-source software packages are hosted via third-party package managers (e.g., Node Package Manager, PyPi, Yarn, etc.) that allow for easy integration of software components into existing development environments. A package manager will typically include various metadata about the software and often include a link to the package's source code repository, to assist developers in determining the trustworthiness of the software. One common statistic used in this decision-making process is the popularity of the package. This entails checking the amount of "Stars" the package has received, which the package manager displays based on the provided source code repository URL. However, many package managers do not validate the connection between the package and source code repository being provided. Adversaries can thus spoof the popularity statistic of a malicious package by associating a popular source code repository URL with the package. This can ultimately trick developers into unintentionally incorporating the malicious package into their development environment.

Severity :

Very Low

Possibility :

High

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-169: Footprinting Footprinting
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The adversary must have some level of access to the system and have a basic understanding of the operating system in order to query the appropriate sources for relevant information.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low The adversary must know how to query various system sources of information respective of the system's operating system to obtain the relevant information.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | System Language Discovery
Resources required

The adversary requires access to the target's operating system tools to query relevant system information. On windows, registry queries can be conducted with powershell, wmi, or regedit. On Linux or macOS, queries can be performed with through a shell.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Visit http://capec.mitre.org/ for more details.