T1406: Obfuscated Files or Information
Essential information
- MITRE technique ID
T1406- Confidence
- 100/100
- Revoked
- No
- Published
- 25/10/2017 16:48
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Aliases
T1406
Platforms
android iOS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (7)
-
DONOT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Sandworm usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Anatsa usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Evilnum usesThe MITRE Corporation Confidence 100
[Evilnum](https://attack.mitre.org/groups/G0120) is a financially motivated threat group that has been active since at least 2018.(Citation: ESET EvilNum July 2020)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (62)
-
Bread usesFamily The MITRE Corporation Confidence 100
[Bread](https://attack.mitre.org/software/S0432) was a large-scale billing fraud malware family known for employing many different cloaking and obfuscation techniques in an attempt to continuously evade Google Play Store’s malware detection.…
First seen 01/01/1970 · Last seen 16/11/5138 · -
BRATA usesFamily The MITRE Corporation Confidence 100
[BRATA](https://attack.mitre.org/software/S1094) (Brazilian Remote Access Tool, Android), is an evolving Android malware strain, detected in late 2018 and again in late 2021. Originating in Brazil, [BRATA](https://attack.mitre.org/software/S1094) was later also…
First seen 01/01/1970 · Last seen 16/11/5138 · -
CarbonSteal usesFamily The MITRE Corporation Confidence 100
[CarbonSteal](https://attack.mitre.org/software/S0529) is one of a family of four surveillanceware tools that share a common C2 infrastructure. [CarbonSteal](https://attack.mitre.org/software/S0529) primarily deals with audio surveillance. (Citation: Lookout Uyghur Campaign)
First seen 01/01/1970 · Last seen 16/11/5138 · -
DcRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
OBAD usesFamily The MITRE Corporation Confidence 100
OBAD is an Android malware family. (Citation: TrendMicro-Obad)
First seen 01/01/1970 · Last seen 16/11/5138 · -
SilkBean usesFamily The MITRE Corporation Confidence 100
[SilkBean](https://attack.mitre.org/software/S0549) is a piece of Android surveillanceware containing comprehensive remote access tool (RAT) functionality that has been used in targeting of the Uyghur ethnic group.(Citation: Lookout Uyghur Campaign)
First seen 01/01/1970 · Last seen 16/11/5138 · -
AbstractEmu usesFamily The MITRE Corporation Confidence 100
[AbstractEmu](https://attack.mitre.org/software/S1061) is mobile malware that was first seen in Google Play and other third-party stores in October 2021. It was discovered in 19 Android applications, of which at…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Infamouse Chisel usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
DarkMe usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
BleachGap usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
FakeSpy usesFamily The MITRE Corporation Confidence 100
[FakeSpy](https://attack.mitre.org/software/S0509) is Android spyware that has been operated by the Chinese threat actor behind the Roaming Mantis campaigns.(Citation: Cybereason FakeSpy)
First seen 01/01/1970 · Last seen 16/11/5138 · -
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (3)
-
7 MITREs 1 Malware 5 Observables
-
10 MITREs 1 Malware 1 APT
-
10 MITREs 1 Malware 4 Observables 1 APT
Vulnerabilities (CVE) (28)
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability …
- Attack vector
- NETWORK
- Published
- 15/03/2022
- Modified
- 20/12/2025
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
- Attack vector
- Network
- Complexity
- Low
- Published
- 16/06/2022
- Modified
- 05/07/2026
- Published
- 20/12/2025
- Modified
- 20/12/2025
D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Attack patterns (MITRE) (2)
-
Steganography subtechnique-of
-
Software Packing subtechnique-of
Tool (1)
-
FlexiSpy usesThe MITRE Corporation Confidence 100
[FlexiSpy](https://attack.mitre.org/software/S0408) is sophisticated surveillanceware for iOS and Android. Publicly-available, comprehensive analysis has only been found for the Android version.(Citation: FortiGuard-FlexiSpy)(Citation: CyberMerchants-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) markets itself as a parental control…
Campaign (1)
-
C0033 uses