Technique List

Technique Name Technique ID's Categories Snippet(s) Rules(s) OS Creation Date
PE Injection U1216 E1055.002 Process Manipulating 6 years
IAT Hooking U1217 F0015.003 Process Manipulating 6 years
Injection using Shims U1218 E1055.m03 Process Manipulating 6 years
Extra Window Memory Injection U1219 E1055.011 Process Manipulating 6 years
Atom Bombing U1220 Process Manipulating 6 years
APC injection U1221 E1055.004 Process Manipulating 6 years
Image File Execution Options Injection U1222 Process Manipulating 6 years
Thread Execution Hijacking U1223 E1055.003 Process Manipulating 6 years
Reflective DLL injection U1224 Process Manipulating 6 years
SuspendThread U0101 C0055 Anti-Debugging 6 years
Guard Pages U0102 B0006.006 Anti-Debugging 6 years
NtSetDebugFilterState U0103 Anti-Debugging 6 years
Code Cave U0502 Antivirus/EDR Evasion 6 years
Stolen certificate U0503 Antivirus/EDR Evasion 6 years
Redirect Antivirus Website U0504 Antivirus/EDR Evasion 6 years
Time Bomb U1005 B0007.008 Sandbox Evasion, Others 6 years
Shortcut Hiding U0505 Antivirus/EDR Evasion 6 years
Geofencing U1006 Others 6 years
Custom Encoding U0702 E1027.m03 Data Obfuscation 6 years
Cryptography U0703 E1027.m04 Data Obfuscation 6 years
ROL U0704 Data Obfuscation 6 years
Caesar Cipher U0705 Data Obfuscation 6 years
Base64 U0706 E1027.m02 Data Obfuscation 6 years
XOR Operation U0701 E1027.m02 Data Obfuscation 6 years
FIleless Mechanisms U1205 B0027.001 Process Manipulating 6 years
DLL Injection via CreateRemoteThread and LoadLibrary U1226 E1055.001 Process Manipulating 6 years
Hook Injection U1227 E1055.m01 Process Manipulating 6 years
Entry Point Modification U1228 Process Manipulating 6 years
Parent Process Detection U0404 Anti-Monitoring 6 years
Process Camouflage, Masquerading U1230 F0005 Process Manipulating 6 years
Filter
Clear