EXPLORE

← Back to Explore

T1564.003

Hidden Window

Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden. This may be utilized by system administrators to avoid disrupting user work environments when carrying out administrative tasks. Adversaries may abuse these functionalities to hide otherwise visible windows from users so as not to alert the user to adversary activity on the system.(Ci...

LinuxmacOSWindows

11

Detections

2

Sources

16

Threat Actors

BY SOURCE

8sigma3splunk_escu

PROCEDURES (6)

Process Creation Monitoring5 detections

Auto-extracted: 5 detections for process creation monitoring

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Api1 detections

Auto-extracted: 1 detections for api

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

THREAT ACTORS (16)

APT19 APT28 APT3 APT32 CopyKittens DarkHydrus Deep Panda FIN7 Gamaredon Group Gorgon Group Higaisa Kimsuky Magic Hound Medusa Group Nomadic Octopus ToddyCat

DETECTIONS (11)

Browser Execution In Headless Mode

Cmd Launched with Hidden Start Flags to Suspicious Targets

File Download with Headless Browser

HackTool - Covenant PowerShell Launcher

Headless Browser Mockbin or Mocky Request

Headless Browser Usage

Potential Data Stealing Via Chromium Headless Debugging

Powershell Executed From Headless ConHost Process

PUA - AdvancedRun Execution

Suspicious PowerShell WindowStyle Option

Windows ConHost with Headless Argument