Technique List

| Technique Name | Technique IDs | Categories | Snippet(s) | Rule(s) | OS | Creation Date |
|---|---|---|---|---|---|---|
| Process Hollowing, RunPE | U1225 E1055.012 | Process Manipulating | | | | 6 years |
| Disassembly Desynchronization | U0207 | Anti-Disassembly | | | | 6 years |
| Dynamically Computed Target Address | U0208 | Anti-Disassembly | | | | 6 years |
| Opcode Obfuscation | U0209 | Anti-Disassembly | | | | 6 years |
| Jump With Same Target | U0210 | Anti-Disassembly | | | | 6 years |
| Impossible Disassembly | U0211 | Anti-Disassembly | | | | 6 years |
| Obscuring Control Flow | U0212 | Anti-Disassembly | | | | 6 years |
| Abusing the Return Pointer | U0213 | Anti-Disassembly | | | | 6 years |
| Obscuring Control Flow Using Pointers | U0214 | Anti-Disassembly | | | | 6 years |
| Spaghetti, Junk Code | U0215 | Anti-Disassembly | | | | 6 years |
| Control Flow Graph Flattening | U0216 | Anti-Disassembly | | | | 6 years |
| API Obfuscation | U0217 B0032.001 | Anti-Disassembly | | | | 6 years |
| INT3 Instruction Scanning | U0105 B0001.025 | Anti-Debugging | | | | 6 years |
| Interrupts | U0106 | Anti-Debugging | | | | 6 years |
| Performing Code Checksum | U0107 | Anti-Debugging | | | | 6 years |
| Unhandled Exception Filter | U0108 B0001.030 | Anti-Debugging | | | | 6 years |
| Bad String Format | U0104 | Anti-Debugging | | | | 6 years |
| TLS Callback | U0124 | Anti-Debugging | | | | 6 years |
| Detecting Running Process: EnumProcess API | U0109 U0405 U1306 | Sandbox Evasion, Anti-Debugging, Anti-Monitoring | | | | 6 years |
| Detecting Window with FindWindow API | U0406 U0123 | Anti-Debugging, Anti-Monitoring | | | | 6 years |
| GetLocalTime, GetSystemTime, timeGetTime, NtQueryPerformanceCounter | U0110 U1308 B0001.28 | Sandbox Evasion, Anti-Debugging | | | | 6 years |
| GetTickCount | U0125 B0001.032 | Anti-Debugging | | | | 6 years |
| RDTSC | U0126 | Anti-Debugging | | | | 6 years |
| NtGlobalFlag | U0111 B0001.036 | Anti-Debugging | | | | 6 years |
| Heap Flag | U0112 B0001.021 | Anti-Debugging | | | | 6 years |
| IsDebugged Flag | U0113 B0001.019 | Anti-Debugging | | | | 6 years |
| CloseHandle, NtClose | U0114 B0001.003 | Anti-Debugging | | | | 6 years |
| CsrGetProcessID | U0115 | Anti-Debugging | | | | 6 years |
| EventPairHandles | U0116 | Anti-Debugging | | | | 6 years |
| OutputDebugString | U0117 B0001.016 | Anti-Debugging | | | | 6 years |
