CAPEC-636: Hiding Malicious Data or Code within Files
Standard
Draft
Severity: High
CAPEC version: 3.9
Last updated: 2023-01-24
Attack pattern description
Files on various operating systems can have a complex format that allows other data to be stored in addition to their contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during normal use of the file. An attacker can use these facilities to store malicious data or code, which would be difficult to discover.
Prerequisites
- The operating system must support a file system that allows for alternate data storage for a file.
Mitigations
Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools.
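One way to carry out such a scan for a single file format, as an added example that is not part of the CAPEC entry: a PNG chunk walker that reports chunks not needed to render the image and any bytes appended after the IEND chunk. The function names, the RENDER_CHUNKS allow-list and the sample files are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumed allow-list: chunk types that affect rendering; anything else is extra storage to review.
RENDER_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"sRGB", b"pHYs"}

def scan_png(data: bytes) -> list:
    """Return findings about data stored outside the rendered image."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG file"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC is the smallest chunk
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            findings.append(f"truncated chunk {ctype!r} at offset {pos}")
            return findings
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            findings.append(f"bad CRC in chunk {ctype!r} at offset {pos}")
        if ctype not in RENDER_CHUNKS:
            findings.append(f"non-rendering chunk {ctype!r}, {length} bytes, at offset {pos}")
        pos = end
        if ctype == b"IEND":
            break
    else:
        findings.append("no IEND chunk found")
    if pos < len(data):  # viewers stop at IEND, so anything after it is never displayed
        findings.append(f"{len(data) - pos} bytes after last chunk at offset {pos}")
    return findings

def _chunk(ctype: bytes, body: bytes = b"") -> bytes:
    # PNG chunk layout: big-endian length, type, body, CRC32 over type + body.
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_sample(hidden: bool) -> bytes:
    """Constructed 1x1 grayscale PNG; with hidden=True it carries a text chunk and a trailer."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte plus one pixel
    png = PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
    if hidden:
        png += _chunk(b"tEXt", b"Comment\x00constructed-placeholder")
    png += _chunk(b"IEND")
    return png + (b"CONSTRUCTED-TRAILER" if hidden else b"")
```

A text chunk is often legitimate metadata, so findings are leads for review rather than verdicts; the allow-list should be tuned to what the environment normally produces.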
Taxonomy mappings
| Taxonomy name | Entry ID | Entry name |
|---|---|---|
| ATTACK | 1001.002 | Data Obfuscation: Steganography |
| ATTACK | 1027.003 | Obfuscated Files or Information: Steganography |
| ATTACK | 1027.004 | Obfuscated Files or Information: Compile After Delivery |
| ATTACK | 1218.001 | Signed Binary Proxy Execution: Compiled HTML File |
| ATTACK | 1221 | Template Injection |