Steganography Hide Zip Information in Picture File
Detects appending of zip file to image
Sigma rule
```yaml
title: Steganography Hide Zip Information in Picture File
id: 45810b50-7edc-42ca-813b-bdac02fb946b
status: test
description: Detects appending of zip file to image
references:
    - https://zerotoroot.me/steganography-hiding-a-zip-in-a-jpeg-file/
author: 'Pawel Mazur'
date: 2021-09-09
modified: 2022-10-09
tags:
    - attack.defense-evasion
    - attack.t1027.003
logsource:
    product: linux
    service: auditd
detection:
    commands:
        type: EXECVE
        a0: cat
    a1:
        a1|endswith:
            - '.jpg'
            - '.png'
    a2:
        a2|endswith: '.zip'
    condition: commands and a1 and a2
falsepositives:
    - Unknown
level: low
```
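As an added example (not code from the Sigma project or from this rule's author), the Python below applies the rule's selection logic, `a0` equal to `cat`, `a1` ending in `.jpg`/`.png`, `a2` ending in `.zip`, to a few constructed auditd EXECVE records. Sigma string matching is case-insensitive by default, and auditd hex-encodes any argument containing a space or control character, so the example handles both; the sample log lines and function names are assumptions.

```python
import re

# Constructed sample auditd EXECVE records (not real logs); the serial after the
# colon in msg=audit(...) identifies each event. Record 206 carries a hex-encoded
# a1 ("holiday photo.jpg"), as auditd emits for arguments containing a space.
SAMPLE_AUDIT_LOG = """\
type=EXECVE msg=audit(1631174400.101:201): argc=3 a0="cat" a1="holiday.jpg" a2="secret.zip"
type=EXECVE msg=audit(1631174400.102:202): argc=3 a0="cat" a1="logo.png" a2="notes.txt"
type=EXECVE msg=audit(1631174400.103:203): argc=2 a0="cat" a1="holiday.jpg"
type=EXECVE msg=audit(1631174400.104:204): argc=3 a0="cp" a1="holiday.jpg" a2="secret.zip"
type=SYSCALL msg=audit(1631174400.104:204): arch=c000003e syscall=59 success=yes exit=0
type=EXECVE msg=audit(1631174400.105:205): argc=3 a0="cat" a1="/tmp/photo.PNG" a2="/tmp/data.zip"
type=EXECVE msg=audit(1631174400.106:206): argc=3 a0="cat" a1=686F6C696461792070686F746F2E6A7067 a2="x.zip"
"""

# aN="quoted value" or aN=HEX (auditd hex-encodes args with spaces/control chars)
ARG_RE = re.compile(r'\b(a\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')
SERIAL_RE = re.compile(r"msg=audit\([^:]+:(\d+)\)")
IMAGE_SUFFIXES = (".jpg", ".png")


def parse_execve(line):
    """Return {aN: value} for an EXECVE record, or None for any other record type."""
    if not line.startswith("type=EXECVE"):
        return None
    args = {}
    for m in ARG_RE.finditer(line):
        key, quoted, hexval = m.groups()
        # Decode hex-encoded arguments so suffix checks see the real file name.
        args[key] = quoted if quoted is not None else bytes.fromhex(hexval).decode("utf-8", "replace")
    return args


def matches_rule(args):
    """The rule's selection: a0 is cat, a1 ends with .jpg/.png, a2 ends with .zip.
    Sigma matching is case-insensitive by default, so compare in lower case."""
    if args is None:
        return False
    a0, a1, a2 = (args.get(k, "").lower() for k in ("a0", "a1", "a2"))
    return a0 == "cat" and a1.endswith(IMAGE_SUFFIXES) and a2.endswith(".zip")


def find_matches(log_text):
    """Return the audit serials of records that match the rule."""
    hits = []
    for line in log_text.splitlines():
        if matches_rule(parse_execve(line)):
            hits.append(SERIAL_RE.search(line).group(1))
    return hits


if __name__ == "__main__":
    print(find_matches(SAMPLE_AUDIT_LOG))  # → ['201', '205', '206']
```

Records 202 through 204 show the three ways the rule's `condition` fails to fire: a non-zip second argument, a missing `a2`, and a different `a0`.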
Related rules
- Findstr Launching .lnk File
- Steganography Extract Files with Steghide
- Steganography Hide Files with Steghide
- Steganography Unzip Hidden Information From Picture File
- AD Object WriteDAC Access