T1027 (Obfuscated Files or Information)
GPTKB entity
Statements (22)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:MITRE_ATT&CK_technique |
| gptkbp:affiliatedWith | gptkb:MITRE_ATT&CK_framework |
| gptkbp:citation | https://attack.mitre.org/techniques/T1027/ |
| gptkbp:describes | Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system. |
| gptkbp:detects | Monitor for files with high entropy or known obfuscation patterns. |
| gptkbp:discoveredBy | 2017 |
| gptkbp:example | encryption, Base64 encoding, steganography, packing |
| gptkbp:mitigatedBy | Monitor for suspicious file modifications or creation. Use network intrusion detection and prevention systems to identify suspicious file transfers. |
| gptkbp:platform | gptkb:Windows, gptkb:macOS, gptkb:Linux |
| gptkbp:tactics | gptkb:Defense_Evasion |
| gptkbp:technique | T1027 |
| gptkbp:usedBy | gptkb:malware, adversaries |
| gptkbp:bfsParent | gptkb:SofacyADVSTORESHELL |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | T1027 (Obfuscated Files or Information) |