Skip to content

DET0720 Detection of Obfuscated Files or Information

Item Value
ID DET0720
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1406 (Obfuscated Files or Information)

Analytics

Android

AN1851

Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description

iOS

AN1852

Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description