GET /api/techniques/368/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 368,
    "key": "retrieve-hdd-information",
    "unprotect_id": "U1343",
    "name": "Retrieve HDD Information",
    "description": "Malware can determine whether it is running in a virtual environment by querying hard drive information, such as the drive's serial and model numbers. This is easier to spot in VirtualBox, because the drive details it exposes reveal that the system is virtualized. \r\n\r\nMalware uses this check to evade analysis and detection. It sends the SMART_RCV_DRIVE_DATA I/O control code (IOCTL) to the drive through the DeviceIoControl Win32 API. Issuing this request requires elevated (administrator-level) privileges, so the check fails when the sample runs without them.",
    "resources": "https://nicolabottura.github.io/HDDInfo-Evasion-PoC.html",
    "creation_date": "2024-03-20T23:27:16.117731Z",
    "tags": "malware-detection, virtual-environment-evasion, hard-drive-inspection, virtualbox, deviceiocontrol-api, root-privileges, cybersecurity-tactics, evasion-techniques",
    "modification_date": "2024-03-20T23:27:16.117783Z",
    "category": [
        1
    ],
    "rules": [
        157
    ],
    "attachments": [],
    "featured_api": [
        627
    ],
    "contributors": [
        36
    ]
}