1. Home
  2. Techniques
  3. Enterprise
  4. Hide Artifacts

Hide Artifacts

ID Name
ATAGS-T1096.001 Bind Mounts
ATAGS-T1096.002 Email Hiding Rules
ATAGS-T1096.003 Extended Attributes
ATAGS-T1096.004 File/Path Exclusions
ATAGS-T1096.005 Hidden File System
ATAGS-T1096.006 Hidden Files and Directories
ATAGS-T1096.007 Hidden Users
ATAGS-T1096.008 Hidden Window
ATAGS-T1096.009 Ignore Process Interrupts
ATAGS-T1096.010 NTFS File Attributes
ATAGS-T1096.011 Process Argument Spoofing
ATAGS-T1096.012 Resource Forking
ATAGS-T1096.013 Run Virtual Instance
ATAGS-T1096.014 VBA Stomping

Threat actors may attempt to hide artifacts associated with their behaviors to evade detection. Operating systems may have features to hide various artifacts, such as important system files and administrative task execution, to avoid disrupting user work environments and prevent users from changing files or features on the system. Threat actors may abuse these features to hide artifacts such as files, directories, user accounts, or other system activity to evade detection.

ID: ATAGS-T1096
Sub-techniques:  ATAGS-T1096.001, ATAGS-T1096.002, ATAGS-T1096.003, ATAGS-T1096.004, ATAGS-T1096.005, ATAGS-T1096.006, ATAGS-T1096.007, ATAGS-T1096.008, ATAGS-T1096.009, ATAGS-T1096.010, ATAGS-T1096.011, ATAGS-T1096.012, ATAGS-T1096.013, ATAGS-T1096.014
Tactic: Defense Evasion
Targeted Components: Software
Responsibility: Provider
Created: 18 April 2026
Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.