Obfuscate infrastructure

Obfuscation is hiding the day-to-day building and testing of new tools, chat servers, etc. [1]

ID: T1331

Tactic: Establish & Maintain Infrastructure

Version: 1.0

Similar Techniques by Tactic

Tactic: Adversary Opsec

Technique: Obfuscate infrastructure

Examples

Name: APT17

Description: APT17 obfuscated infrastructure using a multi-layered malware beaconing approach. [2]

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defenders will generally not have visibility into the adversary's infrastructure.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Building and testing infrastructure and obfuscating it to protect it against intrusions are a standard part of the adversary process in preparing to conduct an operation against a target.

References

  1. FireEye. (2015, May). APT17: Hiding in Plain Sight - FireEye and Microsoft Expose Obfuscation Tactic. Retrieved March 6, 2017.