Technique List
Technique Name | Technique ID's | Categories | Snippet(s) | Rules(s) | OS | Creation Date |
---|---|---|---|---|---|---|
Removing Commands from SELinux Audit Logs | U0312 | Anti-Forensic | 5 days | |||
Deleting Troubleshoot Information and Core Dumps | U0311 | Anti-Forensic | 5 days | |||
Manipulating Debug Logs | U0310 | Anti-Forensic | 5 days | |||
Clearing Kernel Message | U0309 | Anti-Forensic | 5 days | |||
XProtect Encryption Abuse | U0711 | Data Obfuscation | 1 week, 2 days | |||
kernel flag inspection via sysctl | U0135 | Anti-Debugging | 1 week, 2 days | |||
Exfiltration via SMTP | U0912 | Network Evasion | 1 week, 4 days | |||
XBEL Recently Opened Files Check | U1352 | Sandbox Evasion | 2 weeks | |||
Default Windows Wallpaper Check | U1351 | Sandbox Evasion | 1 month, 2 weeks | |||
Event Triggered Execution: Linux Inotify | U1245 T1546 | Process Manipulating | 2 months | |||
Replication Through Removable Media | U1012 T1091 | Defense Evasion [Mitre], Others | 3 months | |||
VBA Purging | U0524 | Antivirus/EDR Evasion | 4 months | |||
QEMU CPU brand evasion | U1350 | Sandbox Evasion | 4 months, 2 weeks | |||
bochs CPU oversights evasion | U1349 | Sandbox Evasion | 4 months, 3 weeks | |||
Al-Khaser_WriteWatch | U0134 | Anti-Debugging | 5 months | |||
WinDefAVEmu_goatfiles | U1348 | Sandbox Evasion | 5 months | |||
IPV4/IPV6 Obfuscation | U0710 | Data Obfuscation | 5 months | |||
AppInit DLL Injection | U1244 T1546 | Process Manipulating, Defense Evasion [Mitre] | 5 months | |||
VboxEnumShares | U1347 | Sandbox Evasion | 5 months | |||
Cronos-Crypter | U1437 | Packers | 5 months | |||
Odd Thread Count | U1346 | Sandbox Evasion | 5 months | |||
Hyper-V Signature | U1345 | Sandbox Evasion | 5 months | |||
NtDelayExecution | U1344 U0133 | Sandbox Evasion, Anti-Debugging | 5 months | |||
Runtime Function Decryption | U0523 | Antivirus/EDR Evasion | 9 months, 4 weeks | |||
BlockInput | U1011 | Others | 9 months, 4 weeks | |||
Retrieve HDD Information | U1343 | Sandbox Evasion | 10 months | |||
BuildCommDCBAndTimeoutA | U1342 T1497.002 | Sandbox Evasion | 10 months | |||
LimeCrypter | U1436 | Packers | 1 year | |||
PyArmor | U1435 | Packers | 1 year | |||
NixImports | U1434 | Packers | 1 year |