TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Obfuscate operational infrastructure
Obfuscate operational infrastructure
Obfuscation is hiding the day-to-day building and testing of new tools, chat servers, etc. [1]
ID: T1318
Tactic:
Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: While possible to detect given a significant sample size, depending on how the unique identifier is used detection may be difficult as similar patterns may be employed elsewhere (e.g., content hosting providers, account reset URLs).
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: An adversary can easily generate pseudo-random identifiers to associate with a specific target, include the indicator as part of a URL and then identify which target was successful.
References
- Joe Stewart and Don Jackson, Dell SecureWorks Counter Threat Unit(TM) Threat Intelligence. (2013, July 31). Secrets of the Comfoo Masters. Retrieved March 6, 2017.
×