Technique List
Technique Name | Technique IDs | Categories | Snippet(s) | Rule(s) | OS | Creation Date |
---|---|---|---|---|---|---|
PowerShell Special Characters Obfuscation | U0709 | Data Obfuscation | | | | 1 year |
PureCrypter | U1433 | Packers | | | | 1 year |
TrueCrypt | U1432 | Packers | | | | 1 year |
EasyCrypter | U1431 | Packers | | | | 1 year |
FuncIn | U0132 U0221 U0308 | Antivirus/EDR Evasion, Anti-Debugging, Anti-Disassembly, Anti-Forensic | | | | 1 year, 1 month |
Process Argument Spoofing | U1243 | Process Manipulating | | | | 1 year, 1 month |
SMB / Named Pipes | U9011 | Network Evasion | | | | 1 year, 4 months |
Right-to-Left Override (RLO) Extension Spoofing | U1010 | Others | | | | 1 year, 5 months |
DLL Unhooking | U0522 | Antivirus/EDR Evasion | | | | 1 year, 6 months |
Shikata Ga Nai (SGN) | U0708 | Data Obfuscation | | | | 1 year, 6 months |
C2 via FTP(S) | U0910 | Network Evasion | | | | 1 year, 7 months |
Evasion using direct Syscalls | U0521 | Antivirus/EDR Evasion | | | | 1 year, 8 months |
Hell's Gate | U0520 | Antivirus/EDR Evasion | | | | 1 year, 9 months |
XSL Script Processing | T1220 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
Virtualization/Sandbox Evasion: Time Based Evasion | T1497.003 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
Virtualization/Sandbox Evasion: User Activity Based Checks | T1497.002 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
Virtualization/Sandbox Evasion: System Checks | T1497.001 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
Valid Accounts: Local Accounts | T1078.003 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
Valid Accounts: Domain Accounts | T1078.002 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
Valid Accounts: Default Accounts | T1078.001 | Defense Evasion [Mitre] | | | | 1 year, 9 months |
ScrubCrypt | U1430 | Packers | | | | 1 year, 9 months |
Constant Blinding | U0707 | Data Obfuscation | | | | 1 year, 9 months |
Unloading Module with FreeLibrary | U0519 | Antivirus/EDR Evasion | | | | 1 year, 9 months |
AddVectoredExceptionHandler | U0125 | Anti-Debugging | | | | 1 year, 10 months |
Call to Interrupt Procedure | U0124 | Anti-Debugging | | | | 1 year, 10 months |
Use Alternate Authentication Material: Pass the Ticket | T1550.003 | Defense Evasion [Mitre] | | | | 1 year, 10 months |
Use Alternate Authentication Material: Pass the Hash | T1550.002 | Defense Evasion [Mitre] | | | | 1 year, 10 months |
Trusted Developer Utilities Proxy Execution: MSBuild | T1127.001 | Defense Evasion [Mitre] | | | | 1 year, 10 months |
Traffic Signaling: Socket Filters | T1205.002 | Defense Evasion [Mitre] | | | | 1 year, 10 months |
Traffic Signaling: Port Knocking | T1205.001 | Defense Evasion [Mitre] | | | | 1 year, 10 months |