Common Information

| Field | Value |
|---|---|
| Value | Malicious File - T1204.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| MISP Type | Cluster |

Description: An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from [Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001). Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl. Adversaries may employ various forms of [Masquerading](https://attack.mitre.org/techniques/T1036) and [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027) to increase the likelihood that a user will open and successfully execute a malicious file. These methods may include using a familiar naming convention and/or password protecting the file and supplying instructions to a user on how to open it. (Citation: Password Protected Word Docs) While [Malicious File](https://attack.mitre.org/techniques/T1204/002) frequently occurs shortly after Initial Access, it may occur at other phases of an intrusion, such as when an adversary places a file in a shared directory or on a user's desktop hoping that a user will click on it. This activity may also be seen shortly after [Internal Spearphishing](https://attack.mitre.org/techniques/T1534).
Related CTI references

| Details | Type | Published | Attributes | CTI Title |
|---|---|---|---|---|
| Details | Website | 2024-12-19 | 17 | Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence |
| Details | Website | 2024-12-03 | 48 | Privacy tools (not) for you — Silent Push Threat Intelligence |
| Details | Website | 2024-11-17 | 0 | From Detection to Response: The Power of XDR in Cybersecurity |
| Details | Website | 2024-11-17 | 2 | Malware and Cache |
| Details | Website | 2024-11-17 | 6 | Automating Security with Wazuh Active Response |
| Details | Website | 2024-11-16 | 27 | KQL KC7 — AzureCrest : Section 4 & 5 |
| Details | Website | 2024-11-16 | 6 | Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations - CyberSRC |
| Details | Website | 2024-11-15 | 3 | Hack The Box \| Sherlock \| Unit42 |
| Details | Website | 2024-11-15 | 8 | Proving Grounds Practice — Flimsy |
| Details | Website | 2024-11-15 | 7 | Easy $20,160 bug from hackerone |
| Details | Website | 2024-11-14 | 4 | Simple Include Statement Hides Casino Spam |
| Details | Website | 2024-11-14 | 0 | The CrowdStrike Incident: The Devil is in the Details, and Chaos is in the Code - Cybersecurity Insiders |
| Details | Website | 2024-11-14 | 4 | Update now! November Patch Tuesday tackles 4 zero-days, two actively exploited - ThreatDown by Malwarebytes |
| Details | Website | 2024-11-14 | 3 | Windows 0-Day Exploited in Wild with Single Right Click |
| Details | Website | 2024-11-14 | 5 | CVE-2024-43451 allows stealing NTLMv2 hash |
| Details | Website | 2024-11-14 | 3 | ZDI-24-1511 |
| Details | Website | 2024-11-13 | 4 | WriteUp > LetsDefend : Infection with Cobalt Strike |
| Details | Website | 2024-11-13 | 7 | Microsoft Patch Tuesday: November 2024 - Arctic Wolf |
| Details | Website | 2024-11-13 | 7 | Microsoft Patch Tuesday: November 2024 \| Arctic Wolf |
| Details | Website | 2024-11-13 | 16 | Microsoft's November 2024 Patch Tuesday: 89 Vulnerabilities Addressed, Two Active Zero-Day Exploits - SOCRadar® Cyber Intelligence Inc. |
| Details | Website | 2024-11-13 | 17 | Microsoft's November 2024 Patch Tuesday: 89 Vulnerabilities Addressed, Two Active Zero-Day Exploits |
| Details | Website | 2024-11-13 | 0 | Cyber Threat Intelligence: Data Ingestion and Synergy With Other Units |
| Details | Website | 2024-11-13 | 55 | HawkEye Malware: Technical Analysis |
| Details | Website | 2024-11-13 | 55 | HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog |
| Details | Website | 2024-11-13 | 2 | Black Alps 2024: Highlights from Switzerland Cybersecurity Ecosystem |