Adding the Hidden File Attribute with via attrib.exe¶
Adversaries can add the hidden attribute to files to hide them from the user in an attempt to evade detection
id: | 9051814c-a142-4b1c-965b-76a09dace760 |
---|---|
categories: | enrich |
confidence: | low |
os: | windows |
created: | 7/26/2019 |
updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
tactics: | Defense Evasion, Persistence |
---|---|
techniques: | T1158 Hidden Files and Directories |
Query¶
process where subtype.create and
process_name == "attrib.exe" and
command_line == "* +h*"