T1553.005
Subvert Trust Controls: Mark-of-the-Web Bypass
discovered 2026-06-17Writes a fake Zone.Identifier alternate data stream with ZoneId=0 to the dropped .exe to strip Mark-of-the-Web and defeat SmartScreen.
View on MITRE ATT&CK
Writes a fake Zone.Identifier alternate data stream with ZoneId=0 to the dropped .exe to strip Mark-of-the-Web and defeat SmartScreen.
View on MITRE ATT&CK