| ID | Name |
|---|---|
| ATAGS-T1065.001 | Malicious Copy and Paste |
| ATAGS-T1065.002 | Malicious File |
| ATAGS-T1065.003 | Malicious Image |
| ATAGS-T1065.004 | Malicious Library |
| ATAGS-T1065.005 | Malicious Link |
Threat actors may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Threat actors may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, .cpl, .reg, and .iso.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.