GET /api/techniques/15/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 15,
"key": "checking-pipe",
"unprotect_id": "U1329",
"name": "Checking Pipe",
"description": "Cuckoo is an open-source automated malware analysis system that performs dynamic analysis by running suspicious files in isolated virtual environments. \r\n\r\nTo facilitate communication between the host system (analysis environment) and the guest system (execution environment), Cuckoo uses a named pipe: \\\\.\\pipe\\cuckoo\r\n\r\n### Detection Technique \r\n\r\nMalware running inside the guest can check for the existence of this named pipe. If the pipe is present, it indicates that the sample is being executed within a Cuckoo-monitored virtual machine. \r\n\r\nBased on this detection, the malware may alter its behavior to evade analysis, such as avoiding malicious actions or delaying execution.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://www.slideshare.net/ThomasRoccia/sandbox-evasion-cheat-sheet",
"creation_date": "2019-03-11T08:01:31Z",
"tags": "Sandbox,\r\nCuckoo,\r\nHost system,\r\nGuest system,\r\nCommunication,\r\nNamed pipe,\r\nVirtual environment,",
"modification_date": "2025-09-20T04:43:04.048639Z",
"category": [
1
],
"rules": [
166
],
"attachments": [],
"featured_api": [],
"contributors": [
36
]
}
