GET /api/techniques/216/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 216,
"key": "flirt-signatures-evasion",
"unprotect_id": "U0220",
"name": "FLIRT Signatures Evasion",
"description": "FLIRT Signature evasion is a technique used by malware to hide malicious code inside legitimate functions from known libraries. FLIRT (Fast Library Identification and Recognition Technology) is a database that contains signature patterns for identifying known functions from legitimate libraries. \r\n\r\nMalware authors can abuse these signatures by modifying or adding specific bytes to the code, so that it appears to be a legitimate function when scanned by a FLIRT database. This can trick reverse engineering tools that rely on FLIRT signatures without performing further analysis, and make it more difficult for security analysts to identify and analyze the malware. \r\n\r\nBy using this technique, malware authors can evade detection and make their code more difficult to understand and analyze.",
"resources": "https://hex-rays.com/products/ida/tech/flirt/in_depth/\nhttps://github.com/Maktm/FLIRTDB\nhttps://www.virustotal.com/gui/file/a41ba65405a032f4450ba80882cdd01d715d9d1684f4204050566be29a6dedb0",
"creation_date": "2022-07-01T07:35:35.174000Z",
"tags": "FLIRT (Fast Library Identification and Recognition Technology),\r\nSignature evasion,\r\nCode modification,\r\nLegitimate functions,",
"modification_date": "2023-10-04T10:43:35.037000Z",
"category": [
5
],
"rules": [],
"attachments": [],
"featured_api": [
23
],
"contributors": []
}
