Technique List
| Technique Name | Technique ID's | Categories | Snippet(s) | Rules(s) | OS | Creation Date |
|---|---|---|---|---|---|---|
| Process Camouflage, Masquerading | U1230 F0005 | Process Manipulating | 6 years, 2 months | |||
| Process Hollowing, RunPE | U1225 E1055.012 | Process Manipulating | 6 years, 2 months | |||
| Disassembly Desynchronization | U0207 | Anti-Disassembly | 6 years, 2 months | |||
| Dynamically Computed Target Address | U0208 | Anti-Disassembly | 6 years, 2 months | |||
| Opcode Obfuscation | U0209 | Anti-Disassembly | 6 years, 2 months | |||
| Jump With Same Target | U0210 | Anti-Disassembly | 6 years, 2 months | |||
| Impossible Disassembly | U0211 | Anti-Disassembly | 6 years, 2 months | |||
| Obscuring Control Flow | U0212 | Anti-Disassembly | 6 years, 2 months | |||
| Abusing the Return Pointer | U0213 | Anti-Disassembly | 6 years, 2 months | |||
| Obscuring Control Flow Using Pointers | U0214 | Anti-Disassembly | 6 years, 2 months | |||
| Spaghetti, Junk Code | U0215 | Anti-Disassembly | 6 years, 2 months | |||
| Control Flow Graph Flattening | U0216 | Anti-Disassembly | 6 years, 2 months | |||
| API Obfuscation | U0217 B0032.001 | Anti-Disassembly | 6 years, 2 months | |||
| INT3 Instruction Scanning | U0105 B0001.025 | Anti-Debugging | 6 years, 2 months | |||
| Interrupts | U0106 | Anti-Debugging | 6 years, 2 months | |||
| Performing Code Checksum | U0107 | Anti-Debugging | 6 years, 2 months | |||
| Unhandled Exception Filter | U0108 B0001.030 | Anti-Debugging | 6 years, 2 months | |||
| Bad String Format | U0104 | Anti-Debugging | 6 years, 2 months | |||
| TLS Callback | U0124 | Anti-Debugging | 6 years, 2 months | |||
| Detecting Running Process: EnumProcess API | U0109 U0405 U1306 | Sandbox Evasion, Anti-Debugging, Anti-Monitoring | 6 years, 2 months | |||
| Detecting Window with FindWindow API | U0406 U0123 | Anti-Debugging, Anti-Monitoring | 6 years, 2 months | |||
| GetLocalTime, GetSystemTime, timeGetTime, NtQueryPerformanceCounter | U0110 U1308 B0001.28 | Sandbox Evasion, Anti-Debugging | 6 years, 2 months | |||
| GetTickCount | U0125 B0001.032 | Anti-Debugging | 6 years, 2 months | |||
| RDTSC | U0126 | Anti-Debugging | 6 years, 2 months | |||
| NtGlobalFlag | U0111 B0001.036 | Anti-Debugging | 6 years, 2 months | |||
| Heap Flag | U0112 B0001.021 | Anti-Debugging | 6 years, 2 months | |||
| IsDebugged Flag | U0113 B0001.019 | Anti-Debugging | 6 years, 2 months | |||
| CloseHandle, NtClose | U0114 B0001.003 | Anti-Debugging | 6 years, 2 months | |||
| CsrGetProcessID | U0115 | Anti-Debugging | 6 years, 2 months | |||
| EventPairHandles | U0116 | Anti-Debugging | 6 years, 2 months |