Find sigma rule
Attack: Data Obfuscation via Steganography
Adversaries may use steganographic techniques to hide command and control traffic to make detection efforts more difficult. Steganographic techniques can be used to hide data in digital messages that are transferred between systems. This hidden information can be used for command and control of compromised systems. In some cases, the passing of files embedded using steganography, such as image or document files, can be used for command and control.
MITRE
Tactic
- command-and-control
technique
- T1001.002
Test : Execute Embedded Script in Image via Steganography
OS
- linux
Description:
This atomic test demonstrates the execution of an embedded script in an image file using steganography techniques. The script is first encoded in base64 and then embedded within the pixels of the image. The modified image is created, and the script is extracted and executed on the target system.
Executor
sh