T1027.001
Binary Padding
Adversaries may use binary padding to add junk data and change the on-disk representation of malware. This can be done without affecting the functionality or behavior of a binary, but can increase the size of the binary beyond what some security tools are capable of handling due to file size limitations. Binary padding effectively changes the checksum of the file and can also be used to avoid hash-based blocklists and static anti-virus signatures. (Citation: ESET OceanLotus) The padding used is...
Platforms: Linux, Windows, macOS
Detections: 3
Sources: 1
Threat Actors: 8
BY SOURCE
3sigma
PROCEDURES (3)
General Monitoring: 1 detection
Auto-extracted: 1 detection for general monitoring
Process Creation Monitoring: 1 detection
Auto-extracted: 1 detection for process creation monitoring
Script Execution Monitoring: 1 detection
Auto-extracted: 1 detection for script execution monitoring