Undetectable steganographic file driver12/13/2023 IEEE Trans Circ Syst Video Technol 16(3):354–362 Ni Z, Shi YQ, Ansari N, Su W (2006) Reversible data hiding. on Machine Learning and Cybernetics, vol.7, pp 3990–3994, Shanghai, China Liu S-H, Chen T-H, Yao H-X, Gao W (August 2004) “A variable depth LSB data hiding technique in images.” In: Proc. Lee C-C, Wu H-C, Tsai C-S, Chu Y-P (2008) Adaptive lossless steganographic scheme with centralized difference expansion. on Vision, Image, and Signal Processing, vol. Lee Y-K, Chen L-H (June 2000) “High capacity image steganographic model.” In: IEE Proc. Int J Pattern Recognit Artif Intell 17(6):967–981 Lee Y-K, Chen L-H (2003) Secure error-free steganography for JPEG images. Int J Pattern Recognit Artif Intell 16(6):681–696 Lee Y-K, Chen L-H (2002) Object-based image steganography using affine transformation. Katzenbeisser S, Petitcolas FAP (2000) Information hiding techniques for steganography and digital watermark. Jing MQ, Yang WC, Chen LH (July 2009) “A new steganography method via various animation timing effects in PowerPoint files.” Int Conf Mach Learn Cybern 12–15 Hu YC (2006) High-capacity image hiding scheme based on vector quantization. 3, pp 1349–1352, Salt Lake City, UT, USAĬox IJ, Miller ML, Bloom JA, Fridrich J, Kalker T (2008) Digital watermarking and steganography. on Acoustics, Speech, and Signal Processing, vol. IEEE Transaction on Circuits System Video Technology 16(10):1301–1308Ĭhou J, Ramchandrad K (May 2001) “Next generation techniques for robust and imperceptible audio data hiding.” In: Proc. Look for strings or other signatures left in system artifacts related to decoding steganography.Chang CC, Tai WL, Lin CC (2006) A reversible data hiding scheme based on side match vector quantization. It is based on the abuse of system features.ĭetection of steganography is difficult unless artifacts are left behind by the obfuscation process that are detectable with a known signature. This type of attack technique cannot be easily mitigated with preventive controls since Tropic Trooper has used JPG files with encrypted payloads to mask their backdoor routines and evade detection. TA551 has hidden encoded data for malware DLLs in a PNG. RegDuke can hide data in images, including use of the Least Significant Bit (LSB). RDAT can also embed data within a BMP image prior to exfiltration. Ramsay has PE data embedded within JPEG files contained within Word documents. Raindrop used steganography to locate the start of its encoded payload within legitimate 7-Zip code. PowerDuke uses steganography to hide backdoors in PNG files, which are also encrypted using the Tiny Encryption Algorithm (TEA). PolyglotDuke can use steganography to hide C2 information in images. įor Operation Spalax, the threat actors used packers that read pixel data from images contained in PE files' resource sections and build the next layer of execution from the data. Okrum's payload is encrypted and embedded within its loader, or within a legitimate PNG file. ObliqueRAT can hide its payload in BMP images hosted on compromised websites. MuddyWater has stored obfuscated JavaScript code in an image file named temp.jpg. LiteDuke has used image files to hide its loader component. Leviathan has used steganography to hide stolen data inside other files stored on Github. Invoke-PSImage can be used to embed a PowerShell script within the pixels of a PNG file. IcedID has embedded binaries within RC4 encrypted. Įarth Lusca has used steganography to hide shellcode in a BMP image file. ĭiavol has obfuscated its main code routines within bitmap images as part of its anti-analysis techniques. īuild_downer can extract malware from a downloaded JPEG. īRONZE BUTLER has used steganography in multiple operations to conceal malicious payloads. īBK can extract a malicious Portable Executable (PE) from a photo. PNG images within a zip file to build the executable. Īvenger can extract backdoor malware from downloaded images. ĪPT37 uses steganography to send images to users that are embedded with shellcode. Īndariel has hidden malicious executables within PNG files. ABK can extract a malicious Portable Executable (PE) from a photo.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |