Host-based hiding techniques

Host-based hiding techniques are designed to allow an adversary to remain undetected on a machine on which they have taken action. They may achieve this through static linking of binaries, polymorphic code, exploiting weaknesses in file formats or parsers, or self-deleting code. [1]

ID: T1314

Tactic: Adversary Opsec

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Techniques are difficult to detect and might occur in uncommon use-cases (e.g., patching, anti-malware, anti-exploitation software).

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Some of the host-based hiding techniques require advanced knowledge combined with an understanding and awareness of the target's environment (e.g., exploiting weaknesses in file formats, parsers and detection capabilities).

References

  1. Microsoft Malware Protection Center. (2008, July 30). Virus: Win32/Virut.AP. Retrieved March 6, 2017.