Potential Base64 Decoded From Images (09a910bf-f71f-4737-9c40-88880ba5913d)
Detects the use of tail to extract bytes at an offset from an image and then decode the base64 value to create a new file with the decoded content. The detected execution is a bash one-liner.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | Potential Base64 Decoded From Images (09a910bf-f71f-4737-9c40-88880ba5913d) | Sigma-Rules | 1 |