Common Information

Type | Value
---|---
Value | Binary Padding - T1009
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | Some security tools inspect files with static signatures to determine if they are known malicious. Adversaries may add data to files to increase the size beyond what security tools are capable of handling, or to change the file hash to avoid hash-based blacklists.
Detection | Depending on the method used to pad files, a file-based signature may be capable of detecting padding using a scanning or on-access based tool. When executed, the resulting process from padded files may also exhibit other behavior characteristic of an intrusion, such as system and network information Discovery or Lateral Movement, which could be used as event indicators that point to the source file.
Platforms | Linux, macOS, Windows
Defense Bypassed | Anti-virus, Signature-based detection
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2024-11-14 | 72 | Weekly Intelligence Report - 15 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Details | Website | 2024-10-22 | 96 | Grandoreiro, the global trojan with grandiose ambitions
Details | Website | 2024-10-22 | 98 | Grandoreiro banking trojan: overview of recent versions and new tricks
Details | Website | 2024-10-21 | 52 | Akira ransomware continues to evolve
Details | Website | 2024-09-28 | 97 | Silent Push maps over 150 new Lumma C2 infostealer IOCs — Silent Push Threat Intelligence
Details | Website | 2024-09-16 | 2 | EchoStrike: Generate undetectable reverse shells, perform process injection - Help Net Security
Details | Website | 2024-08-26 | 30 | Threat Intelligence Report 20th August – 26th August 2024
Details | Website | 2024-04-17 | 90 | Malvertising campaign targeting IT teams with MadMxShell
Details | Website | 2024-04-11 | 24 | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Details | Website | 2024-02-22 | 16 | YouTube targeted in expansive Russian C2 malware operation — Silent Push Threat Intelligence
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023
Details | Website | 2023-11-19 | 117 | LitterDrifter: a new USB worm used by the Gamaredon group
Details | Website | 2023-11-03 | 3 | Detect Phishing Emails by Inspecting Email Headers, Attachments, and URLs
Details | Website | 2023-10-04 | 88 | A peek into APT36’s updated arsenal
Details | Website | 2023-09-15 | 816 | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks
Details | Website | 2023-09-11 | 38 | OriginBotnet Spreads via Malicious Word Document \| FortiGuard Labs
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023
Details | Website | 2023-08-10 | 4 | Do You Speak Multiple Languages? Malware Does. \| HP Wolf Security
Details | Website | 2023-07-06 | 239 | Increased Truebot Activity Infects U.S. and Canada Based Networks \| CISA
Details | Website | 2023-06-15 | 37 | eSentire Threat Intelligence Malware Analysis: Aurora Stealer
Details | Website | 2023-05-30 | 64 | Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
Details | Website | 2023-05-30 | 66 | Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
Details | Website | 2023-05-18 | 4 | How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems
Details | Website | 2023-04-17 | 32 | Stealer Malware Analysis: With file padding to avoid detection.