Technique List

| Technique Name | Technique IDs | Categories | Has Snippet(s) | Has Rule(s) | Creation Date |
|---|---|---|---|---|---|
| Runtime Function Decryption | U0523 | Antivirus/EDR Evasion | | | 1 month, 4 weeks |
| BlockInput | U1011 | Others | | | 1 month, 4 weeks |
| Retrieve HDD Information | U1343 | Sandbox Evasion | | | 2 months |
| BuildCommDCBAndTimeoutA | U1342, T1497.002 | Sandbox Evasion | | | 2 months |
| LimeCrypter | U1436 | Packers | | | 4 months |
| PyArmor | U1435 | Packers | | | 4 months |
| NixImports | U1434 | Packers | | | 4 months, 1 week |
| PowerShell Special Characters Obfuscation | U0709 | Data Obfuscation | | | 4 months, 1 week |
| PureCrypter | U1433 | Packers | | | 4 months, 1 week |
| TrueCrypt | U1432 | Packers | | | 4 months, 2 weeks |
| EasyCrypter | U1431 | Packers | | | 4 months, 2 weeks |
| FuncIn | U0132, U0221, U0308 | Antivirus/EDR Evasion, Anti-Debugging, Anti-Disassembly, Anti-Forensic | | | 5 months, 1 week |
| Process Argument Spoofing | U1243 | Process Manipulating | | | 5 months, 1 week |
| SMB / Named Pipes | U9011 | Network Evasion | | | 8 months, 3 weeks |
| Right-to-Left Override (RLO) Extension Spoofing | U1010 | Others | | | 9 months, 2 weeks |
| DLL Unhooking | U0522 | Antivirus/EDR Evasion | | | 10 months, 2 weeks |
| Shikata Ga Nai (SGN) | U0708 | Data Obfuscation | | | 10 months, 2 weeks |
| C2 via FTP(S) | U0910 | Network Evasion | | | 11 months, 1 week |
| Evasion using direct Syscalls | U0521 | Antivirus/EDR Evasion | | | 1 year |
| Hell's Gate | U0520 | Antivirus/EDR Evasion | | | 1 year, 1 month |
| XSL Script Processing | T1220 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| Virtualization/Sandbox Evasion: Time Based Evasion | T1497.003 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| Virtualization/Sandbox Evasion: User Activity Based Checks | T1497.002 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| Virtualization/Sandbox Evasion: System Checks | T1497.001 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| Valid Accounts: Local Accounts | T1078.003 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| Valid Accounts: Domain Accounts | T1078.002 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| Valid Accounts: Default Accounts | T1078.001 | Defense Evasion [Mitre] | | | 1 year, 2 months |
| ScrubCrypt | U1430 | Packers | | | 1 year, 2 months |
| Constant Blinding | U0707 | Data Obfuscation | | | 1 year, 2 months |
| Unloading Module with FreeLibrary | U0519 | Antivirus/EDR Evasion | | | 1 year, 2 months |
