CAPEC-570: Signature-Based Avoidance (Version 2.11)
Attack Pattern ID: 570
Abstraction: Detailed
Status: Draft
Completeness: Stub
Summary

Software packing is a method of compressing or encrypting an executable. Packing an executable changes its file signature in an attempt to avoid signature-based detection. Most packing techniques decompress the executable code in memory at run time rather than on disk. Utilities used to perform software packing are called packers; MPRESS and UPX are examples. A more comprehensive list of known packers is available, but adversaries may also create their own packing techniques, which do not leave the same artifacts as well-known packers, in order to evade defenses that rely on those artifacts.

Solutions and Mitigations

Ensure updated virus definitions. Create custom signatures for observed malware. Employ heuristic-based malware detection.
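The following is an added example, not part of the CAPEC entry, that illustrates both the Summary and the mitigations above: why a byte-pattern signature that matches an unpacked sample no longer matches once the same bytes are packed, and how a heuristic that needs no signature (entropy of the on-disk bytes) still flags the packed form. Everything in it is constructed: the 12-byte marker stands in for a code fragment a signature would match, the text-like body is generated deterministically, zlib is assumed as a stand-in for a packer's compression stage (a real packer also prepends a stub that restores the code in memory), and the section-name strings listed for UPX and MPRESS are an assumption based on commonly reported packer artifacts, not taken from this page.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# --- Constructed sample data (not a real binary) -------------------------------
# A 12-byte sequence standing in for the code fragment a signature would match.
MARKER = b"\x55\x8b\xec\x83\xec\x40\xe8\x00\x00\x00\x00\x58"

# Low-entropy, text-like body built deterministically so the example is repeatable.
_rng = random.Random(570)
_WORDS = [b"kernel", b"library", b"config", b"section", b"import", b"export",
          b"resource", b"string", b"table", b"header", b"version", b"module",
          b"address", b"handle", b"buffer", b"status"]
PLAIN_SAMPLE = MARKER + b" ".join(_rng.choice(_WORDS) for _ in range(4000))

# --- Detection data ------------------------------------------------------------
# Signature database: byte patterns a scanner looks for in the on-disk bytes.
SIGNATURES = {"constructed-marker": MARKER}

# Section-name strings commonly reported for the packers the page names
# (assumption: UPX0/UPX1 for UPX, .MPRESS1/.MPRESS2 for MPRESS). A custom packer
# leaves none of these, which is why the entropy heuristic is kept separate.
KNOWN_PACKER_ARTIFACTS = [b"UPX0", b"UPX1", b".MPRESS1", b".MPRESS2"]

ENTROPY_THRESHOLD = 7.0  # bits/byte; compressed or encrypted data usually sits above this


def pack(data: bytes) -> bytes:
    """Stand-in for a packer's compression stage (assumption: zlib).
    A real packer also prepends a stub that restores the code in memory."""
    return zlib.compress(data, 9)


def sha256(data: bytes) -> str:
    """Hash-based 'signature' of the file as it sits on disk."""
    return hashlib.sha256(data).hexdigest()


def signature_hits(data: bytes) -> list:
    """Classic byte-pattern scan of the on-disk bytes."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte: 0.0 for a constant, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def heuristic_flags(data: bytes) -> list:
    """Indicators that do not depend on knowing the payload's signature."""
    flags = []
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        flags.append(f"high-entropy body ({entropy:.2f} bits/byte)")
    for artifact in KNOWN_PACKER_ARTIFACTS:
        if artifact in data:
            flags.append(f"known packer artifact {artifact!r}")
    return flags


def analyse(data: bytes) -> dict:
    """Combine signature-based and heuristic results for one file image."""
    return {
        "sha256": sha256(data),
        "signature_hits": signature_hits(data),
        "entropy": shannon_entropy(data),
        "heuristic_flags": heuristic_flags(data),
    }


if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_SAMPLE), ("packed", pack(PLAIN_SAMPLE))):
        report = analyse(blob)
        print(f"{label:6} sha256={report['sha256'][:16]}... "
              f"signatures={report['signature_hits']} "
              f"entropy={report['entropy']:.2f} flags={report['heuristic_flags']}")
```

Running the script shows the plain sample hitting the signature with low entropy and no heuristic flags, while the packed sample has a different hash, no signature hit, and a high-entropy flag. The two detection paths are deliberately independent: the signature path is what packing defeats, and the entropy path is what "heuristic-based malware detection" in the mitigations refers to, since it works against custom packers that leave no known section-name artifacts.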

References
[R.570.1] ATT&CK Project. "Software Packing (1045)". MITRE. <https://attack.mitre.org/wiki/Software_packing>.
Content History

Submissions
Submitter: CAPEC Content Team
Organization: The MITRE Corporation
Date: 2015-11-09
Source: Internal_CAPEC_Team

Page Last Updated or Reviewed: July 31, 2017