Hide Artifacts (T1564)
Tactic: Stealth · Platforms: ESXi, Linux, macOS, Office Suite, Windows
The interactive view maps 1 detection strategy, 4 mitigations, 7 software entries to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.
Adversaries may also attempt to hide artifacts associated with malicious behavior by creating computing regions that are isolated from common security instrumentation, such as through the use of virtualization technology.
Sub-techniques
- Hidden Files and Directories (T1564.001)
- Hidden Users (T1564.002)
- Hidden Window (T1564.003)
- NTFS File Attributes (T1564.004)
- Hidden File System (T1564.005)
- Run Virtual Instance (T1564.006)
- VBA Stomping (T1564.007)
- Email Hiding Rules (T1564.008)
- Resource Forking (T1564.009)
- Process Argument Spoofing (T1564.010)
- Ignore Process Interrupts (T1564.011)
- File/Path Exclusions (T1564.012)
- Bind Mounts (T1564.013)
- Extended Attributes (T1564.014)