Esc
Hidden Window - T1564.003

(ATT&CK® Technique)
Definition

Adversaries may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden. This may be utilized by system administrators to avoid disrupting user work environments when carrying out administrative tasks.
D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.
        graph LR;

     T1564003["Hidden Window"] --> |may-modify| SystemConfigurationDatabase["System Configuration Database"]; class T1564003 OffensiveTechniqueNode;
        class SystemConfigurationDatabase ArtifactNode; click SystemConfigurationDatabase href "/dao/artifact/d3f:SystemConfigurationDatabase";
        click T1564003 href "/offensive-technique/attack/T1564.003/"; click SystemConfigurationDatabase href "/dao/artifact/d3f:SystemConfigurationDatabase"; T1564003["Hidden Window"] --> |may-modify| PropertyListFile["Property List File"]; class T1564003 OffensiveTechniqueNode;
        class PropertyListFile ArtifactNode; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";
        click T1564003 href "/offensive-technique/attack/T1564.003/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";                          LocalFilePermissions["Local File Permissions"] -->
          | restricts | PropertyListFile["Property List File"];

          LocalFilePermissions["Local File Permissions"] -.->
            | may-isolate | T1564003["Hidden Window"] ;
          class LocalFilePermissions DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; DecoyFile["Decoy File"] -->
          | spoofs | PropertyListFile["Property List File"];

          DecoyFile["Decoy File"] -.->
            | may-deceive | T1564003["Hidden Window"] ;
          class DecoyFile DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click DecoyFile href "/technique/d3f:DecoyFile";                           FileIntegrityMonitoring["File Integrity Monitoring"] -->
          | analyzes | PropertyListFile["Property List File"];

          FileIntegrityMonitoring["File Integrity Monitoring"] -.->
            | may-detect | T1564003["Hidden Window"] ;
          class FileIntegrityMonitoring DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; FileEviction["File Eviction"] -->
          | deletes | PropertyListFile["Property List File"];

          FileEviction["File Eviction"] -.->
            | may-evict | T1564003["Hidden Window"] ;
          class FileEviction DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click FileEviction href "/technique/d3f:FileEviction";                           SystemConfigurationPermissions["System Configuration Permissions"] -->
          | restricts | SystemConfigurationDatabase["System Configuration Database"];

          SystemConfigurationPermissions["System Configuration Permissions"] -.->
            | may-harden | T1564003["Hidden Window"] ;
          class SystemConfigurationPermissions DefensiveTechniqueNode;
          class SystemConfigurationDatabase ArtifactNode;
          click SystemConfigurationPermissions href "/technique/d3f:SystemConfigurationPermissions";              FileEncryption["File Encryption"] -->
          | encrypts | PropertyListFile["Property List File"];

          FileEncryption["File Encryption"] -.->
            | may-harden | T1564003["Hidden Window"] ;
          class FileEncryption DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click FileEncryption href "/technique/d3f:FileEncryption";              RestoreDatabase["Restore Database"] -->
          | restores | SystemConfigurationDatabase["System Configuration Database"];

          RestoreDatabase["Restore Database"] -.->
            | may-restore | T1564003["Hidden Window"] ;
          class RestoreDatabase DefensiveTechniqueNode;
          class SystemConfigurationDatabase ArtifactNode;
          click RestoreDatabase href "/technique/d3f:RestoreDatabase"; RestoreFile["Restore File"] -->
          | restores | PropertyListFile["Property List File"];

          RestoreFile["Restore File"] -.->
            | may-restore | T1564003["Hidden Window"] ;
          class RestoreFile DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click RestoreFile href "/technique/d3f:RestoreFile"; RemoteFileAccessMediation["Remote File Access Mediation"] -->
          | isolates | PropertyListFile["Property List File"];

          RemoteFileAccessMediation["Remote File Access Mediation"] -.->
            | may-isolate | T1564003["Hidden Window"] ;
          class RemoteFileAccessMediation DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click RemoteFileAccessMediation href "/technique/d3f:RemoteFileAccessMediation";                                        FileAnalysis["File Analysis"] -->
          | analyzes | PropertyListFile["Property List File"];

          FileAnalysis["File Analysis"] -.->
            | may-detect | T1564003["Hidden Window"] ;
          class FileAnalysis DefensiveTechniqueNode;
          class PropertyListFile ArtifactNode;
          click FileAnalysis href "/technique/d3f:FileAnalysis";
json