Technique List
Technique Name | Technique ID's | Categories | Has Snippet(s) | Has Rules(s) | Creation Date |
---|---|---|---|---|---|
LimeCrypter | U1436 | Packers | 2 months | ||
PyArmor | U1435 | Packers | 2 months | ||
NixImports | U1434 | Packers | 2 months | ||
PowerShell Special Characters Obfuscation | U0709 | Data Obfuscation | 2 months, 1 week | ||
PureCrypter | U1433 | Packers | 2 months, 1 week | ||
TrueCrypt | U1432 | Packers | 2 months, 1 week | ||
EasyCrypter | U1431 | Packers | 2 months, 1 week | ||
FuncIn | U0132 U0221 U0308 | Antivirus/EDR Evasion, Anti-Debugging, Anti-Disassembly, Anti-Forensic | 3 months | ||
Process Argument Spoofing | U1243 | Process Manipulating | 3 months, 1 week | ||
SMB / Named Pipes | U9011 | Network Evasion | 6 months, 2 weeks | ||
Right-to-Left Override (RLO) Extension Spoofing | U1010 | Others | 7 months, 2 weeks | ||
DLL Unhooking | U0522 | Antivirus/EDR Evasion | 8 months, 2 weeks | ||
Shikata Ga Nai (SGN) | U0708 | Data Obfuscation | 8 months, 2 weeks | ||
C2 via FTP(S) | U0910 | Network Evasion | 9 months, 1 week | ||
Evasion using direct Syscalls | U0521 | Antivirus/EDR Evasion | 10 months | ||
Hell's Gate | U0520 | Antivirus/EDR Evasion | 11 months, 2 weeks | ||
XSL Script Processing | T1220 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
Virtualization/Sandbox Evasion: Time Based Evasion | T1497.003 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
Virtualization/Sandbox Evasion: User Activity Based Checks | T1497.002 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
Virtualization/Sandbox Evasion: System Checks | T1497.001 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
Valid Accounts: Local Accounts | T1078.003 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
Valid Accounts: Domain Accounts | T1078.002 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
Valid Accounts: Default Accounts | T1078.001 | Defense Evasion [Mitre] | 11 months, 3 weeks | ||
ScrubCrypt | U1430 | Packers | 11 months, 4 weeks | ||
Constant Blinding | U0707 | Data Obfuscation | 11 months, 4 weeks | ||
Unloading Module with FreeLibrary | U0519 | Antivirus/EDR Evasion | 11 months, 4 weeks | ||
AddVectoredExceptionHandler | U0125 | Anti-Debugging | 1 year | ||
Call to Interrupt Procedure | U0124 | Anti-Debugging | 1 year | ||
Use Alternate Authentication Material: Pass the Ticket | T1550.003 | Defense Evasion [Mitre] | 1 year | ||
Use Alternate Authentication Material: Pass the Hash | T1550.002 | Defense Evasion [Mitre] | 1 year |