• ISO

Tactic or Technique: ISO

Attackers use ISO files to hide and deliver malware in a format that often slips past security tools. These disk image files are normally used for software distribution, but attackers disguise them as software updates, shipping notices, or other business-related documents to encourage you to open them.
The file type itself may look unfamiliar, but the message around it is designed to build trust. Mounting the ISO does not run anything by itself; the danger is the files inside it, which launch malware such as remote access tools, info-stealers, or ransomware once opened. Part of the format's appeal to attackers is that files inside a mounted ISO historically did not carry the Mark of the Web that Windows uses to trigger SmartScreen and similar warnings (Microsoft changed this behaviour in late 2022, but unpatched systems remain exposed). While email providers typically block ISO files as direct attachments, they can still be delivered via URL file downloads and other techniques such as HTML smuggling, whether the HTML arrives as a link or as an attachment.
This tactic combines social engineering with technical evasion. Opening the file can lead to stolen data, financial loss, or a broader network compromise.
Rule Name & Severity: Attachment: HTML smuggling with embedded base64-encoded ISO
Last Updated: Aug 21st, 2023 UTC
Author: Sublime Security
Types, Tactics & Capabilities: Credential Phishing; Malware/Ransomware; Evasion; HTML smuggling; ISO; Archive analysis; Content analysis; File analysis; HTML analysis; Sender analysis
Rule: /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
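As an added illustration of what the rule listed above has to detect (this is example code written for this page, not Sublime Security's rule logic), the Python below builds a constructed HTML attachment that smuggles a base64-encoded ISO, then runs a simple detector over it: it extracts long base64 runs from the HTML, decodes them, and checks the decoded bytes for an ISO 9660 or UDF volume descriptor identifier at sector 16, which is where both formats place it. The fake ISO image, the HTML, the file name "Invoice_2023.iso" and the 4096-character run threshold are all assumptions made for the example.

```python
import base64
import re
from typing import Dict, List

SECTOR = 2048
# Volume descriptor identifiers: "CD001" for ISO 9660; "BEA01", "NSR02", "NSR03"
# and "TEA01" for the UDF volume recognition sequence. Both start at sector 16.
VOLUME_IDENTS = (b"CD001", b"BEA01", b"NSR02", b"NSR03", b"TEA01")

# Long runs of base64 alphabet characters. A usable ISO is at least 17 sectors,
# so a smuggled one encodes to far more than this (4096 is an assumed threshold).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{4096,}={0,2}")
ISO_NAME = re.compile(rb"""["']([^"'<>]{1,120}\.iso)["']""", re.IGNORECASE)


def fake_iso() -> bytes:
    """Constructed minimal ISO 9660 image: 16 empty system-area sectors, a Primary
    Volume Descriptor (type 1) and a Volume Descriptor Set Terminator (type 255)."""
    pvd = bytes([1]) + b"CD001" + bytes([1]) + b"\x00" * (SECTOR - 7)
    terminator = bytes([255]) + b"CD001" + bytes([1]) + b"\x00" * (SECTOR - 7)
    return b"\x00" * (16 * SECTOR) + pvd + terminator


def build_sample_html() -> bytes:
    """Constructed HTML attachment in the HTML-smuggling style: the payload is a
    base64 string decoded client-side with atob() and handed to the browser as a
    download, so no ISO crosses the mail gateway as an attachment."""
    b64 = base64.b64encode(fake_iso()).decode("ascii")
    html = (
        "<html><body><p>Your invoice is being prepared...</p><script>\n"
        'var payload = "' + b64 + '";\n'
        "var bin = atob(payload);\n"
        "var bytes = new Uint8Array(bin.length);\n"
        "for (var i = 0; i < bin.length; i++) { bytes[i] = bin.charCodeAt(i); }\n"
        'var blob = new Blob([bytes], {type: "application/octet-stream"});\n'
        'var a = document.createElement("a");\n'
        "a.href = URL.createObjectURL(blob);\n"
        'a.download = "Invoice_2023.iso";\n'
        "a.click();\n"
        "</script></body></html>\n"
    )
    return html.encode("utf-8")


def looks_like_iso(data: bytes) -> bool:
    """True if a volume descriptor identifier sits at sector 16 or shortly after.
    Each descriptor is one 2048-byte sector: a 1-byte type then a 5-byte identifier."""
    if len(data) < 17 * SECTOR:
        return False
    last = min(32, len(data) // SECTOR)
    for sector in range(16, last):
        off = sector * SECTOR
        if data[off + 1 : off + 6] in VOLUME_IDENTS:
            return True
    return False


def find_smuggled_isos(html: bytes) -> List[Dict[str, object]]:
    """Decode every long base64 run in the HTML and report those that decode to a
    disk image, together with any '.iso' file names the page references."""
    names = [n.decode("utf-8", "replace") for n in ISO_NAME.findall(html)]
    findings = []
    for match in B64_RUN.finditer(html):
        try:
            blob = base64.b64decode(match.group(0), validate=True)
        except ValueError:
            continue  # not valid base64 after all (e.g. a long hex or token run)
        if looks_like_iso(blob):
            findings.append({
                "offset": match.start(),
                "decoded_size": len(blob),
                "client_side_decode": b"atob(" in html,
                "iso_names": names,
            })
    return findings


if __name__ == "__main__":
    for hit in find_smuggled_isos(build_sample_html()):
        print(hit)
```

Decoding the blob and checking the descriptor region, rather than matching on a file name or on the presence of atob(), is what makes this robust against a sender that renames the download or splits the JavaScript across several script tags; a real rule would also have to handle payloads that are chunked, reversed or XOR-obfuscated before base64 encoding, which this example does not attempt.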