CAPEC-655 Detail

Avoid Security Tool Identification by Adding Data

Detailed | Software | Likelihood: High | Typical Severity: High

Parents: 572

Threats: T68

Description

An adversary adds data to a file to increase the file size beyond what security tools are capable of handling in an attempt to mask their actions. In addition to this, adding data to a file also changes the file's hash, frustrating security tools that look for known bad files by their hash.


| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-655 | capec | https://capec.mitre.org/data/definitions/655.html | |
| T1027.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1027/001 | Obfuscated Files or Information: Binary padding |


Integrity, Accountability
Modify Data, Hide Activities
Bypass Protection Mechanism
  1. Adding data changes the checksum of a file and can be used to avoid hash-based denylists and static anti-virus signatures.
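
The description and the example instance above, seen from the defender's side, as an added example that is not part of the CAPEC entry: a triage check that hashes a file both as received and with a long trailing run of one repeated byte removed, and flags files larger than a scanner's size limit. The function names, both thresholds, the denylist and the sample bytes are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample bytes standing in for a known-bad file (not a real sample).
KNOWN_BAD = b"constructed known-bad sample bytes " * 16
# Hypothetical hash denylist, as a hash-based tool would hold it.
DENYLIST = {hashlib.sha256(KNOWN_BAD).hexdigest()}

MIN_PAD_RUN = 1024         # assumed: shortest trailing run treated as padding
MAX_SCAN_BYTES = 1 << 20   # assumed: size limit of a hypothetical scanner


def trailing_run(data: bytes) -> int:
    """Length of the run of one repeated byte value at the end of data."""
    if not data:
        return 0
    return len(data) - len(data.rstrip(data[-1:]))


def normalize(data: bytes) -> bytes:
    """Drop the trailing run only when it is long enough to count as padding."""
    run = trailing_run(data)
    return data[: len(data) - run] if run >= MIN_PAD_RUN else data


def triage(data: bytes) -> dict:
    """Report what a hash lookup sees before and after padding is removed."""
    core = normalize(data)
    return {
        "full_hash_hit": hashlib.sha256(data).hexdigest() in DENYLIST,
        "normalized_hash_hit": hashlib.sha256(core).hexdigest() in DENYLIST,
        "padding_bytes": len(data) - len(core),
        "exceeds_scan_limit": len(data) > MAX_SCAN_BYTES,
    }


if __name__ == "__main__":
    # Constructed test input: the known sample with 2 MiB of zero bytes appended.
    padded = KNOWN_BAD + b"\x00" * (2 << 20)
    for name, blob in (("original", KNOWN_BAD), ("padded", padded)):
        print(name, triage(blob))
```

This only normalizes padding made of a single repeated byte value; padding with varied bytes needs format-aware parsing or similarity hashing instead of an exact-hash lookup.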