Home/ MITRE Matrix/ Defense Evasion/ T1027.009

T1027.009Embedded Payloads

T1027.009 — Embedded Payloads is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 3 detection use cases covering it and 5 threat-intel articles citing it.

Defense Evasion

View on the matrix → Filter Detection Library MITRE official spec ↗

3Use cases

5Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1027 · Obfuscated Files or Information

Use cases covering this technique (3)

[LLM] FrostyNeighbor PicassoLoader drop to %AppData%\WinDataScope\Update.js Bespoke install · alerting DSΣPDDCS [LLM] DynoWiper PDB-string + vagrant build artefact in loaded modules Bespoke install · hunting DSΣP [LLM] Lazarus DreamJob loader/dropper SHA1 sighting (DroneEXEHijackingLoader / NukeSped family) Bespoke install · hunting DSΣPDDCS

Articles citing this technique (5)

crit FrostyNeighbor: Fresh mischief and digital shenanigans art-309

crit EDR killers explained: Beyond the drivers art-455

high ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 art-603

crit PlushDaemon compromises network devices for adversary-in-the-middle attacks art-695

crit Gotta fly: Lazarus targets the UAV sector art-734