| Name |
Establish Rogue Location |
|
| Likelyhood of attack |
Typical severity |
| Medium |
Medium |
|
| Summary |
An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource. |
| Prerequisites |
A resource is expected to available to the user. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-154 |
An adversary deceives an application or user and convinces them to request a resource from an unintended location. By spoofing the location, the adversary can cause an alternate resource to be used, often one that the adversary controls and can be used to help them achieve their malicious goals. |
| CAPEC-691 |
An adversary spoofs open-source software metadata in an attempt to masquerade malicious software as popular, maintained, and trusted. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1036.005 |
Masquerading: Match Legitimate Name or Location |
|