T1027 (Obfuscated Files or Information)
GPTKB entity
Statements (22)

Predicate | Object |
---|---|
gptkbp:instanceOf | MITRE ATT&CK technique |
gptkbp:affiliatedWith | gptkb:MITRE_ATT&CK_framework |
gptkbp:citation | https://attack.mitre.org/techniques/T1027/ |
gptkbp:describes | Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system. |
gptkbp:detects | Monitor for files with high entropy or known obfuscation patterns. |
gptkbp:discoveredBy | 2017 |
gptkbp:example | encryption |
gptkbp:example | Base64 encoding |
gptkbp:example | steganography |
gptkbp:example | packing |
https://www.w3.org/2000/01/rdf-schema#label | T1027 (Obfuscated Files or Information) |
gptkbp:mitigatedBy | Monitor for suspicious file modifications or creation. |
gptkbp:mitigatedBy | Use network intrusion detection and prevention systems to identify suspicious file transfers. |
gptkbp:platform | gptkb:Windows |
gptkbp:platform | gptkb:macOS |
gptkbp:platform | gptkb:Linux |
gptkbp:tactics | gptkb:Defense_Evasion |
gptkbp:technique | T1027 |
gptkbp:usedBy | malware |
gptkbp:usedBy | adversaries |
gptkbp:bfsParent | gptkb:SofacyADVSTORESHELL |
gptkbp:bfsLayer | 7 |
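Worked example for the detection statement above ("monitor for files with high entropy or known obfuscation patterns"). This is an added illustration, not code from the GPTKB entry or from the MITRE page it cites. It assumes an entropy threshold of 7.0 bits/byte, a deliberately short pattern list (UPX section markers and a PowerShell encoded-command switch), and three constructed inputs: a plain shell script, the same script wrapped in a base64 `echo ... | base64 -d | sh` one-liner, and a deterministic pseudo-random blob standing in for an encrypted or packed payload. It also shows the caveat a practitioner runs into: base64 is an alphabet of 64 symbols, so its entropy tops out around 6 bits/byte and an entropy check alone misses it; the pattern check catches it, and the decoded payload is measured separately.

```python
"""Entropy and pattern checks for T1027-style obfuscated files (added example)."""
import base64
import hashlib
import math
import re
from collections import Counter

# Assumed threshold for this example: encrypted or packed data approaches
# 8 bits/byte, while plain text and source code usually sit below 6.
ENTROPY_THRESHOLD = 7.0

# Small, illustrative set of byte patterns tied to known obfuscation methods.
KNOWN_PATTERNS = {
    # Section names / signature written by the UPX packer.
    "upx_marker": re.compile(rb"UPX[01!]"),
    # PowerShell launched with an encoded command block.
    "powershell_encoded": re.compile(rb"(?i)-e(?:ncodedcommand|nc)?\s+[A-Za-z0-9+/=]{20,}"),
}

# At least 40 contiguous base64-alphabet characters plus optional padding:
# long enough that ordinary prose or code rarely produces it by accident.
BASE64_RUN = re.compile(rb"(?:[A-Za-z0-9+/]{4}){10,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> dict:
    """Indicators a file monitor would record for one file's contents.

    Flags the file when raw entropy is high (encryption/packing) or when a
    known obfuscation pattern or a long base64 run is present. Base64 lowers
    entropy to at most 6 bits/byte, so entropy alone would miss it; the run
    is decoded and the payload's entropy reported as well.
    """
    hits = [name for name, rx in KNOWN_PATTERNS.items() if rx.search(data)]
    decoded_entropy = None
    m = BASE64_RUN.search(data)
    if m:
        blob = m.group(0)
        try:
            payload = base64.b64decode(blob + b"=" * (-len(blob) % 4), validate=True)
            hits.append("base64_run")
            decoded_entropy = shannon_entropy(payload)
        except ValueError:  # binascii.Error is a ValueError: not valid base64 after all
            pass
    entropy = shannon_entropy(data)
    return {
        "entropy": entropy,
        "patterns": hits,
        "decoded_entropy": decoded_entropy,
        "suspicious": entropy >= ENTROPY_THRESHOLD or bool(hits),
    }


# Constructed samples (not real malware): a plain shell script, the same script
# wrapped in a base64 one-liner, and a deterministic pseudo-random blob standing
# in for an encrypted or packed payload.
PLAIN_SCRIPT = b"""#!/bin/sh
for f in /etc/passwd /etc/hosts; do
  head -n 5 "$f" 2>/dev/null
done
"""
BASE64_LAUNCHER = b"echo " + base64.b64encode(PLAIN_SCRIPT) + b" | base64 -d | sh\n"
PACKED_BLOB = b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(128))

SAMPLES = {
    "plain_script": PLAIN_SCRIPT,
    "base64_launcher": BASE64_LAUNCHER,
    "packed_blob": PACKED_BLOB,
}


def scan(samples: dict) -> dict:
    """Classify every sample; returns {name: indicators}."""
    return {name: classify(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, r in scan(SAMPLES).items():
        dec = "" if r["decoded_entropy"] is None else f", decoded payload {r['decoded_entropy']:.2f}"
        print(f"{name:16} entropy {r['entropy']:.2f}{dec} "
              f"patterns={r['patterns']} suspicious={r['suspicious']}")
```

On a real host this would run over newly created or modified files (the page's own "suspicious file modifications or creation" statement) rather than in-memory samples; the threshold and pattern list are starting points to tune against your baseline, since legitimately compressed or signed files (archives, images, TLS material) also score near 8 bits/byte.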