Threats Library
Reusable threat definitions (causes on the left side of bow-tie diagrams).
18 threats
| Name | Category | Tags | Description |
|---|---|---|---|
| Obfuscated Files or Information | Defense Evasion | | Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting… |
| Obfuscated Files or Information: Binary Padding | Defense Evasion | | Adversaries may use binary padding to add junk data and change the on-disk representation of malware… |
| Obfuscated Files or Information: Command Obfuscation | Defense Evasion | | Adversaries may obfuscate content during command execution to impede detection. Command-line obfusca… |
| Obfuscated Files or Information: Compile After Delivery | Defense Evasion | | Adversaries may attempt to make payloads difficult to discover and analyze by delivering files to vi… |
| Obfuscated Files or Information: Compression | Defense Evasion | | Adversaries may use compression to obfuscate their payloads or files. Compressed file formats such a… |
| Obfuscated Files or Information: Dynamic API Resolution | Defense Evasion | | Adversaries may obfuscate then dynamically resolve API functions called by their malware in order to… |
| Obfuscated Files or Information: Embedded Payloads | Defense Evasion | | Adversaries may embed payloads within other files to conceal malicious content from defenses. Otherw… |
| Obfuscated Files or Information: Encrypted/Encoded File | Defense Evasion | | Adversaries may encrypt or encode files to obfuscate strings, bytes, and other specific patterns to … |
| Obfuscated Files or Information: Fileless Storage | Defense Evasion | | Adversaries may store data in "fileless" formats to conceal malicious activity from defenses. Filele… |
| Obfuscated Files or Information: HTML Smuggling | Defense Evasion | | Adversaries may smuggle data and files past content filters by hiding malicious payloads inside of s… |
| Obfuscated Files or Information: Indicator Removal from Tools | Defense Evasion | | Adversaries may remove indicators from tools if they believe their malicious tool was detected, quar… |
| Obfuscated Files or Information: Junk Code Insertion | Defense Evasion | | Adversaries may use junk code / dead code to obfuscate a malware’s functionality. Junk code is code … |
| Obfuscated Files or Information: LNK Icon Smuggling | Defense Evasion | | Adversaries may smuggle commands to download malicious payloads past content filters by hiding them … |
| Obfuscated Files or Information: Polymorphic Code | Defense Evasion | | Adversaries may utilize polymorphic code (also known as metamorphic or mutating code) to evade detec… |
| Obfuscated Files or Information: SVG Smuggling | Defense Evasion | | Adversaries may smuggle data and files past content filters by hiding malicious payloads inside of s… |
| Obfuscated Files or Information: Software Packing | Defense Evasion | | Adversaries may perform software packing or virtual machine software protection to conceal their cod… |
| Obfuscated Files or Information: Steganography | Defense Evasion | | Adversaries may use steganography techniques in order to prevent the detection of hidden information… |
| Obfuscated Files or Information: Stripped Payloads | Defense Evasion | | Adversaries may attempt to make a payload difficult to analyze by removing symbols, strings, and oth… |