Obfuscate infrastructure

Obfuscation is hiding the day-to-day building and testing of new tools, chat servers, etc. [1]

ID: T1331
Sub-techniques:  No sub-techniques
Tactic: Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Adversary Opsec Obfuscate infrastructure

Procedure Examples

Name Description

APT17 obfuscated infrastructure using a multi-layered malware beaconing approach. [2]


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defender will generally not have visibility into their infrastructure.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Building and testing infrastructure and obfuscating it to protect it against intrusions are a standard part of the adversary process in preparing to conduct an operation against a target.


  1. FireEye. (2015, May). APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic. Retrieved March 6, 2017.