| ID | Name |
|---|---|
| T1406.001 | Steganography |
| T1406.002 | Software Packing |
Adversaries may use steganography techniques in order to prevent the detection of hidden information. Steganographic techniques can be used to hide data in digital media such as images, audio tracks, video clips, or text files.
| ID | Name | Description |
|---|---|---|
| S0440 | Agent Smith |
Agent Smith’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.[1] |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Detection of steganography is difficult unless detectable artifacts with a known signature are left behind by the obfuscation process. Look for strings are other signatures left in system artifacts related to decoding steganography.