Suspicious Extrac32 Alternate Data Stream Execution (4b13db67-0c45-40f1-aba8-66a1a7198a1e)

Extract data from cab file and hide it in an alternate data stream

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious Extrac32 Alternate Data Stream Execution (4b13db67-0c45-40f1-aba8-66a1a7198a1e)	Sigma-Rules	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	1
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2