Technique List

| Technique Name | Technique IDs | Categories | Snippet(s) | Rule(s) | OS | Creation Date |
|---|---|---|---|---|---|---|
| Indirect Memory Writing | U0525 | Antivirus/EDR Evasion | | | | 4 weeks, 1 day |
| WMI Event Subscriptions | U1353 | Sandbox Evasion | | | | 6 months, 3 weeks |
| Removing Commands from SELinux Audit Logs | U0312 | Anti-Forensic | | | | 9 months, 1 week |
| Deleting Troubleshoot Information and Core Dumps | U0311 | Anti-Forensic | | | | 9 months, 1 week |
| Manipulating Debug Logs | U0310 | Anti-Forensic | | | | 9 months, 1 week |
| Clearing Kernel Message | U0309 | Anti-Forensic | | | | 9 months, 1 week |
| XProtect Encryption Abuse | U0711 | Data Obfuscation | | | | 9 months, 2 weeks |
| kernel flag inspection via sysctl | U0135 | Anti-Debugging | | | | 9 months, 2 weeks |
| Exfiltration via SMTP | U0912 | Network Evasion | | | | 9 months, 2 weeks |
| XBEL Recently Opened Files Check | U1352 | Sandbox Evasion | | | | 9 months, 3 weeks |
| Default Windows Wallpaper Check | U1351 | Sandbox Evasion | | | | 10 months, 3 weeks |
| Event Triggered Execution: Linux Inotify | U1245, T1546 | Process Manipulating | | | | 11 months, 1 week |
| Replication Through Removable Media | U1012, T1091 | Defense Evasion [Mitre], Others | | | | 1 year |
| VBA Purging | U0524 | Antivirus/EDR Evasion | | | | 1 year, 1 month |
| QEMU CPU brand evasion | U1350 | Sandbox Evasion | | | | 1 year, 1 month |
| bochs CPU oversights evasion | U1349 | Sandbox Evasion | | | | 1 year, 1 month |
| Al-Khaser_WriteWatch | U0134 | Anti-Debugging | | | | 1 year, 2 months |
| WinDefAVEmu_goatfiles | U1348 | Sandbox Evasion | | | | 1 year, 2 months |
| IPV4/IPV6 Obfuscation | U0710 | Data Obfuscation | | | | 1 year, 2 months |
| AppInit DLL Injection | U1244, T1546 | Process Manipulating, Defense Evasion [Mitre] | | | | 1 year, 2 months |
| VboxEnumShares | U1347 | Sandbox Evasion | | | | 1 year, 2 months |
| Cronos-Crypter | U1437 | Packers | | | | 1 year, 2 months |
| Odd Thread Count | U1346 | Sandbox Evasion | | | | 1 year, 2 months |
| Hyper-V Signature | U1345 | Sandbox Evasion | | | | 1 year, 2 months |
| NtDelayExecution | U1344, U0133 | Sandbox Evasion, Anti-Debugging | | | | 1 year, 2 months |
| Runtime Function Decryption | U0523 | Antivirus/EDR Evasion | | | | 1 year, 7 months |
| BlockInput | U1011 | Others | | | | 1 year, 7 months |
| Retrieve HDD Information | U1343 | Sandbox Evasion | | | | 1 year, 7 months |
| BuildCommDCBAndTimeoutA | U1342, T1497.002 | Sandbox Evasion | | | | 1 year, 7 months |
| LimeCrypter | U1436 | Packers | | | | 1 year, 9 months |
