T1406: Obfuscated Files or Information
Essential information
- MITRE technique ID
- T1406
- Confidence
- 100/100
- Revoked
- No
- Published
- 25/10/2017 16:48
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Aliases
T1406
Platforms
android iOS
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | defense-evasion |
Marking (TLP)
TLP:CLEAR
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (7)
- DONOT · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Sandworm · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation:…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state…
  First seen 01/01/1970 · Last seen 16/11/5138
- Anatsa · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- Evilnum · uses · The MITRE Corporation · Confidence 100
  [Evilnum](https://attack.mitre.org/groups/G0120) is a financially motivated threat group that has been active since at least 2018.(Citation: ESET EvilNum July 2020)
  First seen 01/01/1970 · Last seen 16/11/5138
Malware (62)
- DarkCrystal · uses
- TianySpy · uses
- Crocodilus · uses · Family
- NetSupport · uses · Family
- HenBox · uses
- SharkBot · uses · Family · The MITRE Corporation · Confidence 100
  [SharkBot](https://attack.mitre.org/software/S1055) is a banking malware, first discovered in October 2021, that tries to initiate money transfers directly from compromised devices by abusing Accessibility Services.(Citation: nccgroup_sharkbot_0322)
  First seen 01/01/1970 · Last seen 16/11/5138
- Android Banking · uses
- FluBot · uses
- AndroidOS/MalLocker.B · uses
- Red Alert 2.0 · uses
- GolfSpy · uses
- Mandrake · uses · Family · The MITRE Corporation · Confidence 100
  [Mandrake](https://attack.mitre.org/software/S0485) is a sophisticated Android espionage platform that has been active in the wild since at least 2016. [Mandrake](https://attack.mitre.org/software/S0485) is very actively maintained, with sophisticated features and attacks…
  First seen 01/01/1970 · Last seen 16/11/5138
Reports (3)
- 7 MITREs · 1 Malware · 5 Observables
- 10 MITREs · 1 Malware · 1 APT
- 10 MITREs · 1 Malware · 4 Observables · 1 APT
Vulnerabilities (CVE) (28)
targets
targets
targets
targets
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
targets
targets
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any …
- Attack vector
- NETWORK
- Published
- 27/04/2022
- Modified
- 20/12/2025
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured …
- Published
- 03/11/2021
- Modified
- 20/12/2025
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.
- Published
- 10/01/2022
- Modified
- 20/12/2025
targets
A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …
- Published
- 16/05/2022
- Modified
- 20/12/2025
Attack patterns (MITRE) (2)
- Steganography · subtechnique-of
- Software Packing · subtechnique-of
Tool (1)
- FlexiSpy · uses · The MITRE Corporation · Confidence 100
  [FlexiSpy](https://attack.mitre.org/software/S0408) is sophisticated surveillanceware for iOS and Android. Publicly-available, comprehensive analysis has only been found for the Android version.(Citation: FortiGuard-FlexiSpy)(Citation: CyberMerchants-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) markets itself as a parental control…
Campaign (1)
- C0033 · uses