TA0005 (ATT&CK 14.1)

TA0005: Defense Evasion

Description

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

Techniques in this tactic (44)

T1006 Direct Volume Access
T1014 Rootkit
T1027 Obfuscated Files or Information
T1036 Masquerading
T1055 Process Injection
T1070 Indicator Removal
T1078 Valid Accounts
T1112 Modify Registry
T1127 Trusted Developer Utilities Proxy Execution
T1134 Access Token Manipulation
T1140 Deobfuscate/Decode Files or Information
T1197 BITS Jobs
T1202 Indirect Command Execution
T1205 Traffic Signaling
T1207 Rogue Domain Controller
T1211 Exploitation for Defense Evasion
T1216 System Script Proxy Execution
T1218 System Binary Proxy Execution
T1220 XSL Script Processing
T1221 Template Injection
T1222 File and Directory Permissions Modification
T1480 Execution Guardrails
T1484 Domain Policy Modification
T1497 Virtualization/Sandbox Evasion
T1502 Parent PID Spoofing
T1506 Web Session Cookie
T1527 Application Access Token
T1535 Unused/Unsupported Cloud Regions
T1536 Revert Cloud Instance
T1542 Pre-OS Boot
T1548 Abuse Elevation Control Mechanism
T1550 Use Alternate Authentication Material
T1553 Subvert Trust Controls
T1556 Modify Authentication Process
T1562 Impair Defenses
T1564 Hide Artifacts
T1574 Hijack Execution Flow
T1578 Modify Cloud Compute Infrastructure
T1599 Network Boundary Bridging
T1600 Weaken Encryption
T1601 Modify System Image
T1610 Deploy Container
T1612 Build Image on Host
T1620 Reflective Code Loading

Sub-techniques in this tactic (148)

T1027.001, T1027.002, T1027.003, T1027.004, T1027.005, T1027.006, T1027.007, T1027.008, T1027.009, T1027.010, T1027.011, T1027.012, T1036.001, T1036.002, T1036.003, T1036.004, T1036.005, T1036.006, T1036.007, T1036.008, T1036.009, T1055.001, T1055.002, T1055.003, T1055.004, T1055.005, T1055.008, T1055.009, T1055.011, T1055.012, T1055.013, T1055.014, T1055.015, T1070.001, T1070.002, T1070.003, T1070.004, T1070.005, T1070.006, T1070.007, +108 more

References

  1. https://attack.mitre.org/tactics/TA0005

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

ATLAS: Exploitation for Defense Evasion
Technique: Obfuscated Files or Information
Technique: Impair Defenses
Technique: Hide Artifacts
Tactic: Exfiltration
Sub-technique: Disable or Modify Tools

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, Founder at SQUR.