T1564
Hide Artifacts
Description
Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system.
Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection. Adversaries may also attempt to hide artifacts associated with malicious behavior by creating computing regions that are isolated from common security instrumentation, such as through the use of virtualization technology.
Sub-techniques
T1564.001 — Hidden Files and Directories
T1564.002 — Hidden Users
T1564.003 — Hidden Window
T1564.004 — NTFS File Attributes
T1564.005 — Hidden File System
T1564.006 — Run Virtual Instance
T1564.007 — VBA Stomping
T1564.008 — Email Hiding Rules
T1564.009 — Resource Forking
T1564.010 — Process Argument Spoofing
T1564.011 — Ignore Process Interrupts
T1564.012 — File/Path Exclusions
T1564.013 — Bind Mounts
T1564.014 — Extended Attributes