CAPEC-636 Detail
Hiding Malicious Data or Code within Files
Standard Software Typical Severity: High
Parents: 165
Children: 35 168
Threats: T68 T274 T393
Files on various operating systems can have complex formats that allow other data to be stored alongside their contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during normal use of the file. An attacker can use these facilities to store malicious data or code, which would be difficult to discover.
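The following added example is not part of the CAPEC entry. It shows a defender-side audit of one such format, PNG (chosen here as an assumption), listing everything in the file that an image viewer does not display: ancillary chunks, chunks with a bad CRC, and bytes appended after the `IEND` chunk. The function names and the sample file are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))

def build_sample(extra=b"", trailer=b""):
    """Constructed 1x1 grayscale PNG, optionally with a tEXt chunk and trailer."""
    body = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    if extra:
        body += chunk(b"tEXt", extra)
    body += chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
    return PNG_SIG + body + trailer

def audit_png(blob):
    """Return (kind, chunk_type, size) findings for data outside the image itself."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    findings, pos, seen_iend = [], len(PNG_SIG), False
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        name, end = ctype.decode("latin-1"), pos + 12 + length
        if end > len(blob):  # declared length runs past end of file
            findings.append(("truncated", name, length))
            return findings
        data = blob[pos + 8:end - 4]
        if struct.unpack(">I", blob[end - 4:end])[0] != zlib.crc32(ctype + data):
            findings.append(("bad_crc", name, length))
        if ctype[0] & 0x20:  # lowercase first letter marks an ancillary chunk
            findings.append(("ancillary_chunk", name, length))
        pos = end
        if ctype == b"IEND":
            seen_iend = True
            break
    if not seen_iend:
        findings.append(("missing_iend", "", 0))
    if pos < len(blob):  # viewers stop at IEND; anything after it is never shown
        findings.append(("trailing_bytes", "", len(blob) - pos))
    return findings

if __name__ == "__main__":
    sample = build_sample(b"Comment\x00constructed note", b"CONSTRUCTED-TRAILER")
    for finding in audit_png(sample):
        print(finding)
```

An ancillary chunk is not malicious in itself; the output is an inventory for review, for example to compare against the chunk types an upload pipeline expects to see.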
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-636 | capec | https://capec.mitre.org/data/definitions/636.html | |
| CWE-506 | cwe | http://cwe.mitre.org/data/definitions/506.html | |
| T1001.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1001/002 | Data Obfuscation: Steganography |
| T1027.003 | ATTACK | https://attack.mitre.org/wiki/Technique/T1027/003 | Obfuscated Files or Information: Steganography |
| T1027.004 | ATTACK | https://attack.mitre.org/wiki/Technique/T1027/004 | Obfuscated Files or Information: Compile After Delivery |
| T1218.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1218/001 | Signed Binary Proxy Execution: Compiled HTML File |
| T1221 | ATTACK | https://attack.mitre.org/wiki/Technique/T1221 | Template Injection |
| REF-493 | reference_from_CAPEC | https://www.giac.org/paper/gcwn/230/alternate-data-streams-shadows-light/104234 | Means, Ryan L., Alternate Data Streams: Out of the Shadows and into the Light, SANS Institute |
- The operating system must support a file system that allows for alternate data storage for a file.