Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- | Number | Capec-ID | Threat |
- |---------------------|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
- | 1 | CAPEC-225: Subvert Access Control | A hacker successfully gains control of a privileged user account and transfers the funds to her own account.
- | 2 | CAPEC-225: Subvert Access Control | A hacker successfully infiltrates an employee's computer and retrieves the file containing the private keys for an account. |
- | 3 | CAPEC-225: Subvert Access Control | The administrative account is compromised allowing the hacker to make unauthorized fund transfers. |
- | 4 | CAPEC-210: Abuse Existing Functionality | Functions used by developers to upgrade the smart contracts was utilized to drain funds from the contract system. |
- | 5 | CAPEC-156: Engage in Deceptive Interactions | The official website is hacked and replaced with a false one that records user information and attempts to lure them into uploading their private keys. |
- | 6 | CAPEC-156: Engage in Deceptive Interactions | The system administrator receives a call from what he thought is his CTO to reset his password. A hacker uses the CTO's account to gain access to a server that stores the private key of an account and drains all its fund. |
- | 7 | CAPEC-125: Flooding | A hacker deliberately drives up the price of gas in order to prevent a token sale from successfully completing. |
- | 8 | CAPEC-125: Flooding | Denial of Service attack executed by sending a lot of simultaneous requests to a centralized application makes the service unusable. |≤
- | 9 | CAPEC-98: Phishing | Compromised e-mail accounts are used to send e-mails soliciting for user account information from employees. |
- | 10 | CAPEC-98: Phishing | E-mails containing malicious attachments are sent to employees to infect their computers and look for wallet private keys. |
- | 11 | CAPEC-98: Phishing | The organization's telegram channels are used to solicit users under false claims to transfer funds to the hacker's own account. |
- | 12 | CAPEC-255: Manipulate Data Structures | Captured by the Smart Contract specific incidents. |
- | 13 | CAPEC-118: Collect and Analyze Information | The Gitter Channel is monitored for a few weeks as the hacker wants to find out who was on the technical team of the company. |
- | 14 | CAPEC-118: Collect and Analyze Information | Hacker monitors the traveling patterns of company employees in order to successfully steal a company-issued laptop. |
- | 15 | CAPEC-118: Collect and Analyze Information | Hacker analyzes organization's e-mail traffic in order to find out who their hosting service provider and to leverage the information for further attacks. |
- | 16 | CAPEC-212: Functionality Misuse | Captured by the Smart Contract specific incidents. |
- | 17 | CAPEC-21: Exploitation of Trusted Credentials | The CTO utilizes his credentials to steal funds from the organization's wallet after being terminated. |
- | 18 | CAPEC-21: Exploitation of Trusted Credentials | An employee left the organization due to a dispute and posted all the private keys in a public forum. |
Add Comment
Please, Sign In to add comment