Technique List
| Technique Name | Technique ID's | Categories | Snippet(s) | Rules(s) | OS | Creation Date |
|---|---|---|---|---|---|---|
| WMI Event Subscriptions | U1353 | Sandbox Evasion | 2 weeks, 1 day | |||
| Removing Commands from SELinux Audit Logs | U0312 | Anti-Forensic | 3 months | |||
| Deleting Troubleshoot Information and Core Dumps | U0311 | Anti-Forensic | 3 months | |||
| Manipulating Debug Logs | U0310 | Anti-Forensic | 3 months | |||
| Clearing Kernel Message | U0309 | Anti-Forensic | 3 months | |||
| XProtect Encryption Abuse | U0711 | Data Obfuscation | 3 months | |||
| kernel flag inspection via sysctl | U0135 | Anti-Debugging | 3 months | |||
| Exfiltration via SMTP | U0912 | Network Evasion | 3 months, 1 week | |||
| XBEL Recently Opened Files Check | U1352 | Sandbox Evasion | 3 months, 1 week | |||
| Default Windows Wallpaper Check | U1351 | Sandbox Evasion | 4 months, 2 weeks | |||
| Event Triggered Execution: Linux Inotify | U1245 T1546 | Process Manipulating | 4 months, 4 weeks | |||
| Replication Through Removable Media | U1012 T1091 | Defense Evasion [Mitre], Others | 5 months, 4 weeks | |||
| VBA Purging | U0524 | Antivirus/EDR Evasion | 6 months, 4 weeks | |||
| QEMU CPU brand evasion | U1350 | Sandbox Evasion | 7 months, 2 weeks | |||
| bochs CPU oversights evasion | U1349 | Sandbox Evasion | 7 months, 2 weeks | |||
| Al-Khaser_WriteWatch | U0134 | Anti-Debugging | 7 months, 4 weeks | |||
| WinDefAVEmu_goatfiles | U1348 | Sandbox Evasion | 7 months, 4 weeks | |||
| IPV4/IPV6 Obfuscation | U0710 | Data Obfuscation | 7 months, 4 weeks | |||
| AppInit DLL Injection | U1244 T1546 | Process Manipulating, Defense Evasion [Mitre] | 8 months | |||
| VboxEnumShares | U1347 | Sandbox Evasion | 8 months | |||
| Cronos-Crypter | U1437 | Packers | 8 months | |||
| Odd Thread Count | U1346 | Sandbox Evasion | 8 months | |||
| Hyper-V Signature | U1345 | Sandbox Evasion | 8 months | |||
| NtDelayExecution | U1344 U0133 | Sandbox Evasion, Anti-Debugging | 8 months | |||
| Runtime Function Decryption | U0523 | Antivirus/EDR Evasion | 1 year | |||
| BlockInput | U1011 | Others | 1 year | |||
| Retrieve HDD Information | U1343 | Sandbox Evasion | 1 year | |||
| BuildCommDCBAndTimeoutA | U1342 T1497.002 | Sandbox Evasion | 1 year | |||
| LimeCrypter | U1436 | Packers | 1 year, 2 months | |||
| PyArmor | U1435 | Packers | 1 year, 2 months |