Skip to content

Hide Navigation Hide TOC

Suspicious Invoke-Item From Mount-DiskImage (902cedee-0398-4e3a-8183-6f3a89773a96)

Adversaries may abuse container files such as disk image (.iso, .vhd) file formats to deliver malicious payloads that may not be tagged with MOTW.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Invoke-Item From Mount-DiskImage (902cedee-0398-4e3a-8183-6f3a89773a96) Sigma-Rules Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern 1
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern 2