| ID | C0015 |
| Objective(s) | File System |
| Related ATT&CK Techniques | None |
| Version | 2.1 |
| Created | 14 August 2020 |
| Last Modified | 5 December 2023 |
Malware alters a file extension. This could be done for many reasons, including to hide the file or as part of a ransomware's encryption process.
| Name | ID | Description |
|---|---|---|
| Append Extension | C0015.001 | A new extension is appended. |
| Tool: CAPE | Class | Mapping | APIs |
|---|---|---|---|
| mimics_extension | MimicsExtension | Alter File Extension (C0015) | -- |
| ransomware_file_modifications | RansomwareFileModifications | Alter File Extension (C0015) | MoveFileWithProgressW, MoveFileWithProgressTransactedW, NtCreateFile, NtWriteFile |
| ransomware_extensions | RansomwareExtensions | Alter File Extension (C0015) | -- |