Technique List
Technique Name | Technique ID's | Categories | Snippet(s) | Rules(s) | OS | Creation Date |
---|---|---|---|---|---|---|
SuspendThread | U0101 C0055 | Anti-Debugging | 5 years, 8 months | |||
Guard Pages | U0102 B0006.006 | Anti-Debugging | 5 years, 8 months | |||
NtSetDebugFilterState | U0103 | Anti-Debugging | 5 years, 8 months | |||
Code Cave | U0502 | Antivirus/EDR Evasion | 5 years, 8 months | |||
Stolen certificate | U0503 | Antivirus/EDR Evasion | 5 years, 8 months | |||
Redirect Antivirus Website | U0504 | Antivirus/EDR Evasion | 5 years, 8 months | |||
Time Bomb | U1005 B0007.008 | Sandbox Evasion, Others | 5 years, 8 months | |||
Shortcut Hiding | U0505 | Antivirus/EDR Evasion | 5 years, 8 months | |||
Geofencing | U1006 | Others | 5 years, 8 months | |||
Custom Encoding | U0702 E1027.m03 | Data Obfuscation | 5 years, 8 months | |||
Cryptography | U0703 E1027.m04 | Data Obfuscation | 5 years, 8 months | |||
ROL | U0704 | Data Obfuscation | 5 years, 8 months | |||
Caesar Cipher | U0705 | Data Obfuscation | 5 years, 8 months | |||
Base64 | U0706 E1027.m02 | Data Obfuscation | 5 years, 8 months | |||
XOR Operation | U0701 E1027.m02 | Data Obfuscation | 5 years, 8 months | |||
FIleless Mechanisms | U1205 B0027.001 | Process Manipulating | 5 years, 8 months | |||
DLL Injection via CreateRemoteThread and LoadLibrary | U1226 E1055.001 | Process Manipulating | 5 years, 8 months | |||
Hook Injection | U1227 E1055.m01 | Process Manipulating | 5 years, 8 months | |||
Entry Point Modification | U1228 | Process Manipulating | 5 years, 8 months | |||
Parent Process Detection | U0404 | Anti-Monitoring | 5 years, 8 months | |||
Process Camouflage, Masquerading | U1230 F0005 | Process Manipulating | 5 years, 8 months | |||
Process Hollowing, RunPE | U1225 E1055.012 | Process Manipulating | 5 years, 8 months | |||
Disassembly Desynchronization | U0207 | Anti-Disassembly | 5 years, 8 months | |||
Dynamically Computed Target Address | U0208 | Anti-Disassembly | 5 years, 8 months | |||
Opcode Obfuscation | U0209 | Anti-Disassembly | 5 years, 8 months | |||
Jump With Same Target | U0210 | Anti-Disassembly | 5 years, 8 months | |||
Impossible Disassembly | U0211 | Anti-Disassembly | 5 years, 8 months | |||
Obscuring Control Flow | U0212 | Anti-Disassembly | 5 years, 8 months | |||
Abusing the Return Pointer | U0213 | Anti-Disassembly | 5 years, 8 months | |||
Obscuring Control Flow Using Pointers | U0214 | Anti-Disassembly | 5 years, 8 months |