Technique List

Technique Name Technique ID's Categories Has Snippet(s) Has Rules(s) Creation Date
SMB / Named Pipes U9011 Network Evasion 4 weeks, 1 day
Right-to-Left Override (RLO) Extension Spoofing U1010 Others 1 month, 3 weeks
DLL Unhooking U0522 Antivirus/EDR Evasion 2 months, 3 weeks
Shikata Ga Nai (SGN) U0708 Data Obfuscation 2 months, 3 weeks
C2 via FTP(S) U0910 Network Evasion 3 months, 2 weeks
Evasion using direct Syscalls U0521 Antivirus/EDR Evasion 4 months, 1 week
Hell's Gate U0520 Antivirus/EDR Evasion 5 months, 3 weeks
XSL Script Processing T1220 Defense Evasion [Mitre] 6 months, 1 week
Virtualization/Sandbox Evasion: Time Based Evasion T1497.003 Defense Evasion [Mitre] 6 months, 1 week
Virtualization/Sandbox Evasion: User Activity Based Checks T1497.002 Defense Evasion [Mitre] 6 months, 1 week
Virtualization/Sandbox Evasion: System Checks T1497.001 Defense Evasion [Mitre] 6 months, 1 week
Valid Accounts: Local Accounts T1078.003 Defense Evasion [Mitre] 6 months, 1 week
Valid Accounts: Domain Accounts T1078.002 Defense Evasion [Mitre] 6 months, 1 week
Valid Accounts: Default Accounts T1078.001 Defense Evasion [Mitre] 6 months, 1 week
ScrubCrypt U1430 Packers 6 months, 1 week
Constant Blinding U0707 Data Obfuscation 6 months, 1 week
Unloading Module with FreeLibrary U0519 Antivirus/EDR Evasion 6 months, 1 week
AddVectoredExceptionHandler U0125 Anti-Debugging 6 months, 2 weeks
Call to Interrupt Procedure U0124 Anti-Debugging 6 months, 2 weeks
Use Alternate Authentication Material: Pass the Ticket T1550.003 Defense Evasion [Mitre] 6 months, 3 weeks
Use Alternate Authentication Material: Pass the Hash T1550.002 Defense Evasion [Mitre] 6 months, 3 weeks
Trusted Developer Utilities Proxy Execution: MSBuild T1127.001 Defense Evasion [Mitre] 6 months, 3 weeks
Traffic Signaling: Socket Filters T1205.002 Defense Evasion [Mitre] 6 months, 3 weeks
Traffic Signaling: Port Knocking T1205.001 Defense Evasion [Mitre] 6 months, 3 weeks
Template Injection T1221 Defense Evasion [Mitre] 6 months, 3 weeks
System Script Proxy Execution: PubPrn T1216.001 Defense Evasion [Mitre] 6 months, 3 weeks
System Binary Proxy Execution: MMC T1218.014 Defense Evasion [Mitre] 6 months, 3 weeks
System Binary Proxy Execution: Mavinject T1218.013 Defense Evasion [Mitre] 6 months, 3 weeks
System Binary Proxy Execution: Verclsid T1218.012 Defense Evasion [Mitre] 6 months, 3 weeks
System Binary Proxy Execution: Rundll32 T1218.011 Defense Evasion [Mitre] 6 months, 3 weeks
Filter
Clear