216.73.217.98

T1564: T1564

View on MITRE ATT&CK The MITRE Corporation · Published 26/02/2020 18:41 · Modified 27/03/2026 01:10

Essential information

MITRE technique ID
T1564
Confidence
100/100
Revoked
No
Published
26/02/2020 18:41
Modified
27/03/2026 01:10
Author / Source
The MITRE Corporation

Aliases

Hide Artifacts

Platforms

windows macos linux ESXi Office Suite

Description

Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Adversaries may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.(Citation: Sofacy Komplex Trojan)(Citation: Cybereason OSX Pirrit)(Citation: MalwareBytes ADS July 2015) Adversaries may also attempt to hide artifacts associated with malicious behavior by creating computing regions that are isolated from common security instrumentation, such as through the use of virtualization technology.(Citation: Sophos Ragnar May 2020)

Kill chain phases

Kill chainPhase
mitre-attack defense-evasion

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.