Technique List
| Technique Name | Technique ID's | Categories | Snippet(s) | Rules(s) | OS | Creation Date |
|---|---|---|---|---|---|---|
| PowerShell Special Characters Obfuscation | U0709 | Data Obfuscation | 1 year, 2 months | |||
| PureCrypter | U1433 | Packers | 1 year, 2 months | |||
| TrueCrypt | U1432 | Packers | 1 year, 2 months | |||
| EasyCrypter | U1431 | Packers | 1 year, 2 months | |||
| FuncIn | U0132 U0221 U0308 | Antivirus/EDR Evasion, Anti-Debugging, Anti-Disassembly, Anti-Forensic | 1 year, 3 months | |||
| Process Argument Spoofing | U1243 | Process Manipulating | 1 year, 3 months | |||
| SMB / Named Pipes | U9011 | Network Evasion | 1 year, 7 months | |||
| Right-to-Left Override (RLO) Extension Spoofing | U1010 | Others | 1 year, 7 months | |||
| DLL Unhooking | U0522 | Antivirus/EDR Evasion | 1 year, 8 months | |||
| Shikata Ga Nai (SGN) | U0708 | Data Obfuscation | 1 year, 8 months | |||
| C2 via FTP(S) | U0910 | Network Evasion | 1 year, 9 months | |||
| Evasion using direct Syscalls | U0521 | Antivirus/EDR Evasion | 1 year, 10 months | |||
| Hell's Gate | U0520 | Antivirus/EDR Evasion | 1 year, 11 months | |||
| XSL Script Processing | T1220 | Defense Evasion [Mitre] | 2 years | |||
| Virtualization/Sandbox Evasion: Time Based Evasion | T1497.003 | Defense Evasion [Mitre] | 2 years | |||
| Virtualization/Sandbox Evasion: User Activity Based Checks | T1497.002 | Defense Evasion [Mitre] | 2 years | |||
| Virtualization/Sandbox Evasion: System Checks | T1497.001 | Defense Evasion [Mitre] | 2 years | |||
| Valid Accounts: Local Accounts | T1078.003 | Defense Evasion [Mitre] | 2 years | |||
| Valid Accounts: Domain Accounts | T1078.002 | Defense Evasion [Mitre] | 2 years | |||
| Valid Accounts: Default Accounts | T1078.001 | Defense Evasion [Mitre] | 2 years | |||
| ScrubCrypt | U1430 | Packers | 2 years | |||
| Constant Blinding | U0707 | Data Obfuscation | 2 years | |||
| Unloading Module with FreeLibrary | U0519 | Antivirus/EDR Evasion | 2 years | |||
| AddVectoredExceptionHandler | U0125 | Anti-Debugging | 2 years | |||
| Call to Interrupt Procedure | U0124 | Anti-Debugging | 2 years | |||
| Use Alternate Authentication Material: Pass the Ticket | T1550.003 | Defense Evasion [Mitre] | 2 years | |||
| Use Alternate Authentication Material: Pass the Hash | T1550.002 | Defense Evasion [Mitre] | 2 years | |||
| Trusted Developer Utilities Proxy Execution: MSBuild | T1127.001 | Defense Evasion [Mitre] | 2 years | |||
| Traffic Signaling: Socket Filters | T1205.002 | Defense Evasion [Mitre] | 2 years | |||
| Traffic Signaling: Port Knocking | T1205.001 | Defense Evasion [Mitre] | 2 years |