Suspicious Mount-DiskImage (29e1c216-6408-489d-8a06-ee9d151ef819)

Adversaries may abuse container files, such as disk image formats (.iso, .vhd), to deliver malicious payloads that may not be tagged with Mark-of-the-Web (MOTW).

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Mount-DiskImage (29e1c216-6408-489d-8a06-ee9d151ef819) | Sigma-Rules | Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) | Attack Pattern | 1 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) | Attack Pattern | 2 |