Clankerusecase
MITRE ATT&CK detection coverage

T1027.013 Encrypted/Encoded File

T1027.013 — Encrypted/Encoded File is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 6 detection use cases covering it and 9 threat-intel articles citing it.

Defense Evasion
6 Use cases
9 Articles
0 Sub-techniques
1 Tactic

Use cases covering this technique (6)

Windows Obfuscated Files or Information via RAR SFX | ESCU actions · hunting | P
[LLM] Argamal MI_V / MI_V2 Environment Variable Stage Handoff | Bespoke install · alerting | DSΣPDDCS
[LLM] Gremlin Stealer packed sample SHA256 execution (2172dae9a5a695e00e0e4609e7db0207d8566d225f7e815fada246ae995c0f9b) | Bespoke install · alerting | DSΣPDDCS
[LLM] TeamPCP telnyx FetchAudio() — python subprocess running inline base64 exec | Bespoke install · alerting | DSΣPDDCS
[LLM] ValleyRAT registry-resident shellcode (HKCU\Console\0|1) and MyPythonApp Run-key persistence | Bespoke install · hunting | DSΣP
[LLM] GitHub Actions runner credential stealer: python3 base64-decoded payload reading /proc/<pid>/mem | Bespoke actions · hunting | DSPDD

Articles citing this technique (9)