Steganography Hide Files with Steghide
Detects embedding of files with the steghide binary; adversaries may use this technique to prevent the detection of hidden information.
Sigma rule
title: Steganography Hide Files with Steghide
id: ce446a9e-30b9-4483-8e38-d2c9ad0a2280
status: test
description: Detects embedding of files with usage of steghide binary, the adversaries may use this technique to prevent the detection of hidden information.
references:
  - https://vitux.com/how-to-hide-confidential-files-in-images-on-debian-using-steganography/
author: 'Pawel Mazur'
date: 2021-09-11
modified: 2022-10-09
tags:
  - attack.defense-evasion
  - attack.t1027.003
logsource:
  product: linux
  service: auditd
detection:
  selection:
    type: EXECVE
    a0: steghide
    a1: embed
    a2:
      - '-cf'
      - '-ef'
    a4:
      - '-cf'
      - '-ef'
  condition: selection
falsepositives:
  - Unknown
level: low
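To see what the selection above actually matches, here is an added Python example (not part of the Sigma project or of this rule) that parses constructed auditd EXECVE records and evaluates the rule's selection with Sigma's semantics: AND across keys, OR within a value list, case-insensitive string comparison. The sample records, the field parser and the helper names are assumptions made for this demonstration.

```python
import re

# Constructed auditd EXECVE records for exercising the rule; not real logs.
SAMPLE_AUDIT_LINES = [
    'type=EXECVE msg=audit(1631366400.101:201): argc=6 a0="steghide" a1="embed" a2="-cf" a3="photo.jpg" a4="-ef" a5="notes.txt"',
    'type=EXECVE msg=audit(1631366400.102:202): argc=6 a0="steghide" a1="embed" a2="-ef" a3="notes.txt" a4="-cf" a5="photo.jpg"',
    'type=EXECVE msg=audit(1631366400.103:203): argc=4 a0="steghide" a1="extract" a2="-sf" a3="photo.jpg"',
    'type=EXECVE msg=audit(1631366400.104:204): argc=3 a0="ls" a1="-la" a2="/tmp"',
    'type=SYSCALL msg=audit(1631366400.105:205): arch=c000003e syscall=59 success=yes exit=0',
]

# key=value pairs; auditd quotes printable args and hex-encodes the rest (left as-is here).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Mirror of the rule's selection map: AND across keys, OR within a value list.
SELECTION = {
    "type": ["EXECVE"],
    "a0": ["steghide"],
    "a1": ["embed"],
    "a2": ["-cf", "-ef"],
    "a4": ["-cf", "-ef"],
}

def parse_audit_record(line):
    """Split one auditd record into a dict, stripping quotes from quoted values."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields

def matches_selection(fields, selection=SELECTION):
    """Evaluate a Sigma map selection; string matching is case-insensitive as in Sigma."""
    for key, allowed in selection.items():
        value = fields.get(key)
        if value is None or value.lower() not in [a.lower() for a in allowed]:
            return False
    return True

def audit_serial(fields):
    """Return the event serial from msg=audit(<time>:<serial>): for cross-referencing."""
    m = re.match(r"audit\([\d.]+:(\d+)\)", fields.get("msg", ""))
    return m.group(1) if m else None

def find_steghide_embeds(lines):
    """Return serials of the records that would trigger the rule."""
    return [audit_serial(f) for f in map(parse_audit_record, lines) if matches_selection(f)]
```

The selection keys on fixed argument positions (a2 and a4), so only invocations with the option flags in those slots match; when triaging a hit, review the full argument list of the EXECVE record rather than the two positional fields alone.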