Obfuscated Files or Information: Steganography

Other sub-techniques of Obfuscated Files or Information (2)

ID	Name
T1406.001	Steganography
T1406.002	Software Packing

Adversaries may use steganography techniques in order to prevent the detection of hidden information. Steganographic techniques can be used to hide data in digital media such as images, audio tracks, video clips, or text files.

ID: T1406.001

Sub-technique of: T1406

Tactic Type: Post-Adversary Device Access

ⓘ

Tactic: Defense Evasion

ⓘ

Platforms: Android

Version: 1.0

Created: 30 March 2022

Last Modified: 21 April 2022

Version Permalink

Live Version

Procedure Examples

ID	Name	Description
S0440	Agent Smith	Agent Smith’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.^[1]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

Detection

Detection of steganography is difficult unless detectable artifacts with a known signature are left behind by the obfuscation process. Look for strings are other signatures left in system artifacts related to decoding steganography.

References

A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.