Image-Based Malware Delivery

Goal: Deliver deceptive payloads or disrupt attacker operations through manipulated images.

Approach: Hiding malicious or disruptive code within images.

Embed malicious or disruptive code within images that attackers are expected to download or process, for example decoy documents, screenshots or photos left where an intruder will collect them. The embedded code can trigger an alert when the image is handled, collect information about the attacker's environment, or disrupt the tools and infrastructure used to process it.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0005 Lures, EAC0014 Software Manipulation

Technical Context:

This element relies on two distinct mechanisms. Steganography hides a payload (for example in the least-significant bits of the pixel data or in a metadata chunk) without changing how the image renders; such a payload only runs if the attacker's tooling extracts and executes it, so it suits planting markers, decoy credentials or beacon URLs that the attacker's own scripts will act on. A crafted file that exploits a bug in the attacker's image parser, thumbnailer or metadata extractor can instead run code as soon as the image is opened or processed. Merely downloading an image executes nothing; processing (metadata extraction, thumbnailing, OCR, automated triage) is the trigger, so the payload must be aimed at the steps the attacker's pipeline actually performs. In MITRE ATT&CK terms the carrier corresponds to T1027.003 (Obfuscated Files or Information: Steganography) and execution on the attacker's side to T1204.002 (User Execution: Malicious File).
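The steganographic half of that description, as an added example that is not part of the original page or of MITRE Engage: a standard-library-only PNG writer and reader, an LSB embedder that stores a 32-bit length header followed by the payload in the low bit of successive channel bytes, and a matching extractor that refuses a header larger than the cover. The cover image, the inert text payload and the `tEXt` "canary" marker are all constructed here for illustration; `canary.example.invalid` is a reserved, non-resolving name, and nothing in the file executes the payload.

```python
"""LSB steganography in a PNG, standard library only (illustrative, constructed data)."""
import struct
import zlib

W, H = 64, 16                      # constructed cover size: 3072 channel bytes, 380-byte capacity
DECOY_PAYLOAD = b"decoy: if you are reading this, fetch canary.example.invalid\n"  # inert text
CANARY_TEXT = ("Comment", "canary-token-EXAMPLE")  # hypothetical marker for tools that read metadata


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def write_png(width: int, height: int, rgb: bytes, texts=()) -> bytes:
    """Encode raw 8-bit RGB bytes as a PNG using filter type 0 on every row."""
    assert len(rgb) == width * height * 3
    raw = b"".join(b"\x00" + rgb[y * width * 3:(y + 1) * width * 3] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    out = b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
    for key, val in texts:
        out += _chunk(b"tEXt", key.encode("latin-1") + b"\x00" + val.encode("latin-1"))
    return out + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def read_png(png: bytes):
    """Parse the unfiltered 8-bit RGB PNG written above; returns (w, h, rgb, texts)."""
    if png[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos, idat, texts, width, height = 8, b"", [], 0, 0
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in %r chunk" % ctype)
        if ctype == b"IHDR":
            width, height, depth, colour = struct.unpack(">IIBB", data[:10])
            if (depth, colour) != (8, 2):
                raise ValueError("only 8-bit RGB is handled here")
        elif ctype == b"IDAT":
            idat += data
        elif ctype == b"tEXt":
            k, _, v = data.partition(b"\x00")
            texts.append((k.decode("latin-1"), v.decode("latin-1")))
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = width * 3 + 1
    rows = [raw[i:i + stride] for i in range(0, len(raw), stride)]
    if any(r[0] != 0 for r in rows):
        raise ValueError("filtered rows not handled here")
    return width, height, b"".join(r[1:] for r in rows), texts


def lsb_embed(rgb: bytes, payload: bytes) -> bytes:
    """Write a 32-bit length header plus payload into the LSB of successive channel bytes."""
    msg = struct.pack(">I", len(payload)) + payload
    if len(msg) * 8 > len(rgb):
        raise ValueError("cover holds %d bytes, payload needs %d" % (len(rgb) // 8 - 4, len(payload)))
    out = bytearray(rgb)
    for i, byte in enumerate(msg):
        for b in range(8):                       # most significant bit first
            out[i * 8 + b] = (out[i * 8 + b] & 0xFE) | ((byte >> (7 - b)) & 1)
    return bytes(out)


def lsb_extract(rgb: bytes) -> bytes:
    """Inverse of lsb_embed; rejects a header that claims more data than the cover holds."""
    def take(start: int, n: int) -> bytes:
        return bytes(sum((rgb[start + k * 8 + b] & 1) << (7 - b) for b in range(8)) for k in range(n))
    (n,) = struct.unpack(">I", take(0, 4))
    if 32 + n * 8 > len(rgb):
        raise ValueError("length header exceeds cover capacity; probably not a stego image")
    return take(32, n)


def build_decoy_png() -> bytes:
    """Constructed gradient cover with the payload in pixel LSBs and a marker in a tEXt chunk."""
    cover = bytes(c for y in range(H) for x in range(W) for c in ((x * 4) & 0xFF, (y * 16) & 0xFF, 128))
    stego = lsb_embed(cover, DECOY_PAYLOAD)
    assert max(abs(a - b) for a, b in zip(cover, stego)) <= 1   # each channel moves by at most one
    return write_png(W, H, stego, texts=[CANARY_TEXT])


def recover_from_decoy(png: bytes):
    """What an attacker's (or an analyst's) tooling would see: metadata and the LSB payload."""
    _, _, rgb, texts = read_png(png)
    return lsb_extract(rgb), texts


if __name__ == "__main__":
    payload, texts = recover_from_decoy(build_decoy_png())
    print(texts, payload.decode())
```

The `tEXt` marker and the LSB payload illustrate the two ways a lure can surface: metadata tools show the marker without any decoding, while the LSB content is only recovered by something that deliberately looks for it. Neither path executes anything on its own, which is the point of the paragraph above: with steganography the attacker's pipeline has to act on the hidden content, and the header check in `lsb_extract` is the kind of sanity test that pipeline would need to avoid reading garbage out of ordinary images.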

Other:

This element is most effective against attackers whose automated tools or scripts process collected images (metadata extraction, thumbnail generation, bulk triage of exfiltrated files) without a human looking at them, since those pipelines act on embedded content before anyone notices the image is a lure. Payloads that go beyond alerting or beaconing, such as code intended to disrupt the attacker's tools, carry legal and collateral-damage risk if the image reaches a third party, and should be reviewed before deployment.
