T1564

Linux Office Suite Windows macOS ESXi
Hide Artifacts

Description

Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system.

Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection. Adversaries may also attempt to hide artifacts associated with malicious behavior by creating computing regions that are isolated from common security instrumentation, such as through the use of virtualization technology.

Sub-techniques

T1564.001 — Hidden Files and Directories T1564.002 — Hidden Users T1564.003 — Hidden Window T1564.004 — NTFS File Attributes T1564.005 — Hidden File System T1564.006 — Run Virtual Instance T1564.007 — VBA Stomping T1564.008 — Email Hiding Rules T1564.009 — Resource Forking T1564.010 — Process Argument Spoofing T1564.011 — Ignore Process Interrupts T1564.012 — File/Path Exclusions T1564.013 — Bind Mounts T1564.014 — Extended Attributes