GET /api/techniques/172/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 172,
    "key": "killing-windows-event-log",
    "unprotect_id": "U0304",
    "name": "Killing Windows Event Log",
    "description": "Killing the Windows Event Log is a technique used by malware to prevent security professionals from detecting and analyzing it. Svchost.exe is a shared host process that runs services on Windows operating systems. \r\n\r\nBy grouping multiple services into a single process, Svchost.exe reduces resource consumption. However, this also means that the Event Log service, which is responsible for collecting logs on the system, runs inside a Svchost.exe process. \r\n\r\nBy targeting the Event Log service and killing the threads responsible for it, malware can prevent the system from collecting logs, making it more difficult for security professionals to detect and analyze the malware. Because only the threads are killed, the hosting process and the service may still appear to be running, so defenders should not rely on service status alone and should alert on unexpected gaps in event log collection.",
    "resources": "https://github.com/hlldz/Phant0m",
    "creation_date": "2021-07-27T13:03:31.911000Z",
    "tags": "Windows Event Log,\r\nAnti-forensic,\r\nSvchost.exe,\r\nServices,\r\nProcess,\r\nEvent Log service,\r\nThreads,",
    "modification_date": "2023-10-04T10:43:11.626000Z",
    "category": [
        8
    ],
    "rules": [
        11
    ],
    "attachments": [],
    "featured_api": [
        18,
        24,
        25,
        28,
        29,
        30,
        412,
        425
    ],
    "contributors": []
}