Obfuscate or encrypt code

Obfuscation is the act of creating code that is more difficult to understand. Encoding transforms the code using a publicly available format. Encryption transforms the code such that it requires a key to reverse the encryption. [1]

ID: T1319
Sub-techniques:  No sub-techniques
Tactic: Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Detecting encryption is easy, decrypting/deobfuscating is hard.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Various solutions exist for the adversary to use. This technique is commonly used to prevent attribution and evade detection.


  1. CYLANCE. (n.d.). Operation Cleaver. Retrieved March 6, 2017.