T1027 (Obfuscated Files or Information)

GPTKB entity

Statements (22)
Predicate Object
gptkbp:instanceOf MITRE ATT&CK technique
gptkbp:affiliatedWith gptkb:MITRE_ATT&CK_framework
gptkbp:citation https://attack.mitre.org/techniques/T1027/
gptkbp:describes Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system.
gptkbp:detects Monitor for files with high entropy or known obfuscation patterns.
gptkbp:discoveredBy 2017
gptkbp:example encryption
gptkbp:example Base64 encoding
gptkbp:example steganography
gptkbp:example packing
https://www.w3.org/2000/01/rdf-schema#label T1027 (Obfuscated Files or Information)
gptkbp:mitigatedBy Monitor for suspicious file modifications or creation.
gptkbp:mitigatedBy Use network intrusion detection and prevention systems to identify suspicious file transfers.
gptkbp:platform gptkb:Windows
gptkbp:platform gptkb:macOS
gptkbp:platform gptkb:Linux
gptkbp:tactics gptkb:Defense_Evasion
gptkbp:technique T1027
gptkbp:usedBy malware
gptkbp:usedBy adversaries
gptkbp:bfsParent gptkb:SofacyADVSTORESHELL
gptkbp:bfsLayer 7