CAPEC-655: Avoid Security Tool Identification by Adding Data
An adversary adds data to a file to increase the file size beyond what security tools are capable of handling in an attempt to mask their actions. In addition to this, adding data to a file also changes the file's hash, frustrating security tools that look for known bad files by their hash.
Last updated
Overview
CAPEC-655 (Avoid Security Tool Identification by Adding Data) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
Consequences
What a successful CAPEC-655 attack can achieve.
Hide Activities, Bypass Protection Mechanism
Affects: Accountability
Modify Data
Affects: Integrity
Examples
Adding data to change the checksum of a file and can be used to avoid hash-based denylists and static anti-virus signatures.
Terminology & mappings
Mapped taxonomies
- ATTACK: Obfuscated Files or Information:Binary padding (1027.001)
Frequently asked questions
Common questions about CAPEC-655.
- What is CAPEC-655?
- An adversary adds data to a file to increase the file size beyond what security tools are capable of handling in an attempt to mask their actions. In addition to this, adding data to a file also changes the file's hash, frustrating security tools that look for known bad files by their hash.
- How severe is CAPEC-655?
- MITRE rates CAPEC-655 as High severity with high likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-655
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.