Covert Channel Chronicles: Astaroth’s ADS Forking Techniques

Microsoft graphic of Astaroth malware

Malicious ADS Within the Windows NTFS

Example of how an alternate data stream attached to a file would not be visible in a normal directory listing without the proper command
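The caption above describes the core trick: a normal directory listing reports only a file's primary stream, so a payload parked in an alternate data stream stays out of sight until you ask NTFS for the streams explicitly. The following PowerShell session is an added example written for this page, not code from the original post or from the Astaroth campaign; the directory, file name and stream name are invented for the demonstration, and it needs an NTFS volume.

```powershell
# Added example (not from the original post): plant a named stream on a file,
# show that the ordinary listing hides it, enumerate it, hunt for others, remove it.
# $dir, readme.txt and hidden.js are made-up names for the demo.

$dir  = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'readme.txt'

# Visible content goes in the primary stream (:$DATA); the "payload" goes in a
# named alternate stream that hangs off the same file.
Set-Content -Path $file -Value 'Nothing to see here.'
Set-Content -Path $file -Stream 'hidden.js' -Value 'WScript.Echo("payload would run here")'

# 1. The usual listing shows one file whose Length is only the primary stream's size.
Get-ChildItem -Path $file | Select-Object Name, Length

# 2. Asking for all streams reveals hidden.js next to :$DATA.
Get-Item -Path $file -Stream * | Select-Object FileName, Stream, Length

# 3. The hidden content can be read back directly by stream name.
Get-Content -Path $file -Stream 'hidden.js'

# 4. Hunting: list every file under a root that carries a stream other than the
#    primary one. Zone.Identifier (Mark-of-the-Web) is the common benign stream,
#    so it is filtered out; anything else deserves a look.
function Find-AlternateStreams {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}
Find-AlternateStreams -Root $dir

# 5. Remove only the alternate stream; the file and its primary content survive.
Remove-Item -Path $file -Stream 'hidden.js'
Get-Item -Path $file -Stream * | Select-Object Stream
```

From a plain cmd.exe prompt the equivalent of step 2 is `dir /r`, which prints each stream as `readme.txt:hidden.js:$DATA`; that `file:stream` notation is also how the content is addressed, which is why a stream can be referenced by name from native tooling without ever dropping a separate file. For hunting at scale, run `Find-AlternateStreams` against user-writable locations such as `%TEMP%` and `%APPDATA%` rather than the whole drive, and treat any non-`Zone.Identifier` stream on a script-sized file as worth pulling with `Get-Content -Stream` for inspection.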
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable; credit: H. Suri
MITRE ATT&CK malware database Indicators of Compromise (IOC) for the Astaroth malware

think bad, do good | cybersecurity & privacy engineering | keybase.io/d3structo
