Threats Library

Reusable threat definitions (causes on the left side of bow-tie diagrams).

15 threats
| Name | Category | Tags | Description |
| --- | --- | --- | --- |
| Hide Artifacts | Defense Evasion | | Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Operat… |
| Hide Artifacts: Bind Mounts | Defense Evasion | | Adversaries may abuse bind mounts on file structures to hide their activity and artifacts from nativ… |
| Hide Artifacts: Email Hiding Rules | Defense Evasion | | Adversaries may use email rules to hide inbound emails in a compromised user's mailbox. Many email c… |
| Hide Artifacts: Extended Attributes | Defense Evasion | | Adversaries may abuse extended attributes (xattrs) on macOS and Linux to hide their malicious data i… |
| Hide Artifacts: File/Path Exclusions | Defense Evasion | | Adversaries may attempt to hide their file-based artifacts by writing them to specific folders or fi… |
| Hide Artifacts: Hidden File System | Defense Evasion | | Adversaries may use a hidden file system to conceal malicious activity from users and security tools… |
| Hide Artifacts: Hidden Files and Directories | Defense Evasion | | Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent nor… |
| Hide Artifacts: Hidden Users | Defense Evasion | | Adversaries may use hidden users to hide the presence of user accounts they create or modify. Admini… |
| Hide Artifacts: Hidden Window | Defense Evasion | | Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In s… |
| Hide Artifacts: Ignore Process Interrupts | Defense Evasion | | Adversaries may evade defensive mechanisms by executing commands that hide from process interrupt si… |
| Hide Artifacts: NTFS File Attributes | Defense Evasion | | Adversaries may use NTFS file attributes to hide their malicious data in order to evade detection. E… |
| Hide Artifacts: Process Argument Spoofing | Defense Evasion | | Adversaries may attempt to hide process command-line arguments by overwriting process memory. Proces… |
| Hide Artifacts: Resource Forking | Defense Evasion | | Adversaries may abuse resource forks to hide malicious code or executables to evade detection and by… |
| Hide Artifacts: Run Virtual Instance | Defense Evasion | | Adversaries may carry out malicious operations using a virtual instance to avoid detection. A wide v… |
| Hide Artifacts: VBA Stomping | Defense Evasion | | Adversaries may hide malicious Visual Basic for Applications (VBA) payloads embedded within MS Offic… |