Technique List

Technique Name Technique ID's Categories Snippet(s) Rules(s) OS Creation Date
DLL Unhooking U0522 Antivirus/EDR Evasion 1 year, 5 months
Shikata Ga Nai (SGN) U0708 Data Obfuscation 1 year, 5 months
C2 via FTP(S) U0910 Network Evasion 1 year, 6 months
Evasion using direct Syscalls U0521 Antivirus/EDR Evasion 1 year, 7 months
Hell's Gate U0520 Antivirus/EDR Evasion 1 year, 8 months
XSL Script Processing T1220 Defense Evasion [Mitre] 1 year, 9 months
Virtualization/Sandbox Evasion: Time Based Evasion T1497.003 Defense Evasion [Mitre] 1 year, 9 months
Virtualization/Sandbox Evasion: User Activity Based Checks T1497.002 Defense Evasion [Mitre] 1 year, 9 months
Virtualization/Sandbox Evasion: System Checks T1497.001 Defense Evasion [Mitre] 1 year, 9 months
Valid Accounts: Local Accounts T1078.003 Defense Evasion [Mitre] 1 year, 9 months
Valid Accounts: Domain Accounts T1078.002 Defense Evasion [Mitre] 1 year, 9 months
Valid Accounts: Default Accounts T1078.001 Defense Evasion [Mitre] 1 year, 9 months
ScrubCrypt U1430 Packers 1 year, 9 months
Constant Blinding U0707 Data Obfuscation 1 year, 9 months
Unloading Module with FreeLibrary U0519 Antivirus/EDR Evasion 1 year, 9 months
AddVectoredExceptionHandler U0125 Anti-Debugging 1 year, 9 months
Call to Interrupt Procedure U0124 Anti-Debugging 1 year, 9 months
Use Alternate Authentication Material: Pass the Ticket T1550.003 Defense Evasion [Mitre] 1 year, 9 months
Use Alternate Authentication Material: Pass the Hash T1550.002 Defense Evasion [Mitre] 1 year, 9 months
Trusted Developer Utilities Proxy Execution: MSBuild T1127.001 Defense Evasion [Mitre] 1 year, 9 months
Traffic Signaling: Socket Filters T1205.002 Defense Evasion [Mitre] 1 year, 9 months
Traffic Signaling: Port Knocking T1205.001 Defense Evasion [Mitre] 1 year, 9 months
Template Injection T1221 Defense Evasion [Mitre] 1 year, 9 months
System Script Proxy Execution: PubPrn T1216.001 Defense Evasion [Mitre] 1 year, 9 months
System Binary Proxy Execution: MMC T1218.014 Defense Evasion [Mitre] 1 year, 9 months
System Binary Proxy Execution: Mavinject T1218.013 Defense Evasion [Mitre] 1 year, 9 months
System Binary Proxy Execution: Verclsid T1218.012 Defense Evasion [Mitre] 1 year, 9 months
System Binary Proxy Execution: Rundll32 T1218.011 Defense Evasion [Mitre] 1 year, 9 months
System Binary Proxy Execution: Regsvr32 T1218.010 Defense Evasion [Mitre] 1 year, 9 months
System Binary Proxy Execution: Regsvcs/Regasm T1218.009 Defense Evasion [Mitre] 1 year, 9 months
Filter
Clear