{
"id": "bundle--5ddaeff9-eca7-4094-9e65-4f53da21a444",
"objects": [
{
"created": "2017-05-31T21:30:32.662702Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"description": "Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system.\n\nDetection: Detection of file obfuscation is difficult unless artifacts are left behind by the obfuscation process that are uniquely detectable with a signature. If detection of the obfuscation itself is not possible, it may be possible to detect the malicious activity that caused the obfuscated file (for example, the method that was used to write, read, or modify the file on the file system).\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: Network protocol analysis, Process use of network, Binary file metadata, File monitoring, Malware reverse engineering",
"external_references": [
{
"external_id": "T1027",
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/wiki/Technique/T1027"
}
],
"id": "attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"modified": "2017-05-31T21:30:32.662702Z",
"name": "Obfuscated Files or Information",
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"type": "attack-pattern"
}
],
"spec_version": "2.0",
"type": "bundle"
}