Compiled HTML File (T1223)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Compiled HTML File

Associated Tactics

  • Defense Evasion
  • Execution

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Microsoft. (2018, May 30). Microsoft HTML Help 1.4. Retrieved October 3, 2018. Microsoft HTML Help May 2018
Microsoft. (n.d.). HTML Help ActiveX Control Overview. Retrieved October 3, 2018. Microsoft HTML Help ActiveX
Microsoft. (n.d.). About the HTML Help Executable Program. Retrieved October 3, 2018. Microsoft HTML Help Executable Program
Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. Retrieved October 3, 2018. MsitPros CHM Aug 2017
Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. Retrieved October 3, 2018. Microsoft CVE-2017-8625 Aug 2017