
Obfuscate or encrypt code

Obfuscation is the act of creating code that is more difficult to understand. Encoding transforms the code using a publicly available format. Encryption transforms the code such that it requires a key to reverse the encryption. [1]

ID: T1319
Tactic: Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Detecting encryption is easy; decrypting or deobfuscating is hard.
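The detection point above, as an added example that is not part of the ATT&CK entry: a byte-entropy triage that separates plain, base64-encoded and high-entropy content, and shows that only the encoded form can be reversed without a key. The sample inputs are constructed, the SHA-256 counter stream is only a stand-in for ciphertext, and the function names and thresholds are assumptions.

```python
import base64
import hashlib
import math
import string
from collections import Counter

B64_CHARS = set((string.ascii_letters + string.digits + "+/=").encode())
HIGH_ENTROPY = 7.5  # bits per byte; assumed threshold, tune per data source


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(data: bytes) -> dict:
    """Label a blob as plain, base64-encoded, or high entropy."""
    entropy = shannon_entropy(data)
    compact = b"".join(data.split())  # ignore line wrapping in encoded blobs
    if len(compact) >= 64 and set(compact) <= B64_CHARS:
        try:
            # Encoding is a public format: no key is needed to reverse it.
            decoded = base64.b64decode(compact, validate=True)
            return {"label": "encoded (base64)", "entropy": entropy, "decoded": decoded}
        except ValueError:
            pass  # right alphabet but not valid base64; fall through
    if entropy >= HIGH_ENTROPY:
        # Easy to flag, but the content cannot be recovered without the key.
        label = "high entropy (encrypted or compressed)"
    else:
        label = "plain"
    return {"label": label, "entropy": entropy, "decoded": None}


def sample_inputs() -> dict:
    """Constructed samples: readable script text, its base64 form, random-looking bytes."""
    plain = b"function Get-Report { param($Path) Get-Content $Path | Measure-Object -Line }\n" * 40
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return {"plain": plain, "encoded": base64.b64encode(plain), "ciphertext_stand_in": stream}


if __name__ == "__main__":
    for name, blob in sample_inputs().items():
        result = triage(blob)
        print(f"{name:20s} {result['entropy']:.2f} bits/byte  {result['label']}")
```

Compressed data also scores near 8 bits per byte, so a high-entropy label is a prompt for further analysis rather than proof of encryption.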

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Various solutions exist for the adversary to use. This technique is commonly used to prevent attribution and evade detection.

References

  1. CYLANCE. (n.d.). Operation Cleaver. Retrieved March 6, 2017.