
Hiding Mechanisms
There are many places in a system that malware can use to hide its presence. Examples include the registry, critical system files, .lnk files, and temporary folders…
Detection Rules
title: Copy itself to suspicious location via type command
status: experimental
description: Copy itself to suspicious location via type command
author: Joe Security
date: 2020-02-13
id: 200052
threatname:
behaviorgroup: 10
classification: 1
mitreattack:
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        CommandLine:
            - '*cmd*type*>*\AppData*'
    condition: selection
level: critical

title: Hide copy and delete itself
status: experimental
description: Hide copy via attrib.exe and delete itself
author: Joe Security
date: 2019-11-12
id: 200025
threatname:
behaviorgroup: 1
classification: 8
mitreattack:
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        CommandLine:
            - '*attrib +s +h *timeout /t *del /f /q*'
    condition: selection
level: critical
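To show how the two CommandLine selections above are actually evaluated, here is an added example (not part of the original page or of Joe Security's tooling) that translates the Sigma wildcard strings into regular expressions and runs them over constructed process_creation events; the rule ids and patterns are taken from the page, the event records and helper names are assumptions.

```python
import re
from typing import Dict, List

# The two rules from this page, reduced to the fields the matcher needs.
RULES = [
    {"id": 200052, "title": "Copy itself to suspicious location via type command",
     "level": "critical", "CommandLine": [r"*cmd*type*>*\AppData*"]},
    {"id": 200025, "title": "Hide copy and delete itself",
     "level": "critical", "CommandLine": [r"*attrib +s +h *timeout /t *del /f /q*"]},
]

def sigma_wildcard_to_regex(pattern: str) -> re.Pattern:
    """Translate a plain Sigma string pattern to a compiled regex.
    '*' matches any run of characters and '?' matches exactly one; every
    other character (backslashes included) is literal. Sigma string
    matching is case-insensitive, so the regex is compiled that way."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def match_rules(event: Dict[str, str], rules=RULES) -> List[int]:
    """Return the ids of rules whose selection matches the event.
    Both rules declare logsource category process_creation, so events
    from any other category are skipped before the CommandLine test.
    fullmatch() gives Sigma semantics: a pattern without '*' must equal
    the whole field, and the leading/trailing '*' here allow substrings."""
    if event.get("category") != "process_creation":
        return []
    cmd = event.get("CommandLine", "")
    return [rule["id"] for rule in rules
            if any(sigma_wildcard_to_regex(p).fullmatch(cmd) for p in rule["CommandLine"])]

# Constructed sample events (not real telemetry): one hit per rule, one benign.
SAMPLE_EVENTS = [
    {"category": "process_creation", "product": "windows",
     "CommandLine": r"cmd.exe /c type C:\Users\u\Downloads\a.exe > C:\Users\u\AppData\Roaming\b.exe"},
    {"category": "process_creation", "product": "windows",
     "CommandLine": r"attrib +s +h C:\Users\u\AppData\Roaming\b.exe & timeout /t 3 & del /f /q C:\Users\u\Downloads\a.exe"},
    {"category": "process_creation", "product": "windows",
     "CommandLine": r"cmd.exe /c type C:\logs\app.log"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(match_rules(ev), ev["CommandLine"])
```

Because both patterns are wrapped in `*`, the selection fires on any process whose command line contains the fragments in order, which is why a field-level test against benign command lines belongs beside every rule.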