EXPLORE
Sign In
← Back to Explore
T1036.008

Masquerade File Type

Adversaries may masquerade malicious payloads as legitimate files through changes to the payload's formatting, including the file’s signature, extension, icon, and contents. Various file types have a typical standard format, including how they are encoded and organized. For example, a file’s signature (also known as header or magic bytes) is the beginning bytes of a file and is often used to identify the file’s type. For example, the header of a JPEG file, is <code> 0xFF 0xD8</code> and the fil...

LinuxmacOSWindows
4
Detections
2
Sources
3
Threat Actors

BY SOURCE

3splunk_escu1elastic

PROCEDURES (3)

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Email Security1 detections

Auto-extracted: 1 detections for email security

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

THREAT ACTORS (3)

BlackByteMustang PandaVolt Typhoon

DETECTIONS (4)

Email Attachments With Lots Of Spaces
splunk_escu
Process Started from Process ID (PID) File
elastichigh
Suspicious Process Executed From Container File
splunk_escu
Windows Executable Masquerading as Benign File Types
splunk_escu