GET /api/techniques/375/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 375,
"key": "vboxenumshares",
"unprotect_id": "U1347",
"name": "VboxEnumShares",
"description": "This method represents a variation of the `WNetGetProviderName(WNNC_NET_RDR2SAMPLE, ...)` approach, which is typically employed to determine if the network share's provider name is specific, such as VirtualBox. Instead of relying on this well-established technique, we utilize `WNetOpenEnum` and `WNetEnumResource` functions to iterate through each network resource. The primary objective is to identify VirtualBox shared folders, which typically feature \"VirtualBox\" or \"VBoxSrv\" substrings in their names. The latter, VBoxSrv, serves as a pseudo-network redirector provided by VirtualBox, enabling access to shared folders within the guest OS. These folders are sub-resources of the VirtualBox Shared Folder resource. By systematically enumerating these folders, a malware sample can ascertain the presence of the hypervisor in an alternative manner.",
"windows": "",
"linux": "",
"macos": "",
"resources": "",
"creation_date": "2024-08-17T07:29:17.120471Z",
"tags": "",
"modification_date": "2024-08-17T07:29:17.120515Z",
"category": [
1
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": [
36
]
}
