CAPEC-636

Hiding Malicious Data or Code within Files
High
Draft
2018-05-31
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.

Informations CAPEC

Prerequisites

The operating system must support a file system that allows for alternate data storage for a file.

Mitigations

Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools.

Related Weaknesses

CWE-ID Weakness Name

CWE-506

 Embedded Malicious Code
The product contains code that appears to be malicious in nature.

References

REF-493

Alternate Data Streams: Out of the Shadows and into the Light
Means, Ryan L..
https://www.giac.org/paper/gcwn/230/alternate-data-streams-shadows-light/104234

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2018-05-31 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Weaknesses