Adding the Hidden File Attribute with via attrib.exe¶
Adversaries can add the hidden attribute to files to hide them from the user in an attempt to evade detection
| id: | 9051814c-a142-4b1c-965b-76a09dace760 |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | windows |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
| tactics: | Defense Evasion, Persistence |
|---|---|
| techniques: | T1158 Hidden Files and Directories |
Query¶
process where subtype.create and
process_name == "attrib.exe" and
command_line == "* +h*"