Suspicious Extrac32 Alternate Data Stream Execution (4b13db67-0c45-40f1-aba8-66a1a7198a1e)
Extract data from cab file and hide it in an alternate data stream
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) | Attack Pattern | Suspicious Extrac32 Alternate Data Stream Execution (4b13db67-0c45-40f1-aba8-66a1a7198a1e) | Sigma-Rules | 1 |
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) | Attack Pattern | Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | 2 |