Technique List
Technique Name | Technique IDs | Categories | Has Snippet(s) | Has Rule(s) | Creation Date |
---|---|---|---|---|---|
Hijack Execution Flow: Executable Installer File Permissions Weakness | T1574.005 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hijack Execution Flow: DLL Side-Loading | T1574.002 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Process Argument Spoofing | T1564.010 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Email Hiding Rules | T1564.008 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: VBA Stomping | T1564.007 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Run Virtual Instance | T1564.006 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Hidden File System | T1564.005 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: NTFS File Attributes | T1564.004 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Hidden Window | T1564.003 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Hidden Users | T1564.002 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Hide Artifacts: Hidden Files and Directories | T1564.001 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Windows File and Directory Permissions Modification | T1222.001 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Domain Member | U1341 | Sandbox Evasion |  |  | 1 year, 2 months |
CPU Counting | U1340 B0009.018 | Sandbox Evasion |  |  | 1 year, 2 months |
Return Address Spoofing | U0518 | Antivirus/EDR Evasion |  |  | 1 year, 2 months |
Avoiding Memory Scanners (Yara, Pe-sieve...) | U1009 | Others |  |  | 1 year, 2 months |
Domain Policy Modification: Domain Trust Modification | T1484.002 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Domain Policy Modification: Group Policy Modification | T1484.001 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Access Token Manipulation: SID-History Injection | T1134.005 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Access Token Manipulation: Make and Impersonate Token | T1134.003 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Access Token Manipulation: Create Process with Token | T1134.002 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Access Token Manipulation: Token Impersonation/Theft | T1134.001 | Defense Evasion [Mitre] |  |  | 1 year, 2 months |
Homograph Attack (Punycode) | U0909 | Network Evasion |  |  | 1 year, 3 months |
Domain Fronting | U0908 T1090.004 | Network Evasion, Defense Evasion [Mitre] |  |  | 1 year, 3 months |
Milfuscator | U1429 | Packers |  |  | 1 year, 3 months |
Dirty Vanity | U1242 | Process Manipulating |  |  | 1 year, 4 months |
Mark-Of-The-Web (MOTW) Bypass | U0517 | Antivirus/EDR Evasion |  |  | 1 year, 5 months |
Tamper DLL Export Names & GetProcAddress Spoofing | U1241 | Process Manipulating |  |  | 1 year, 8 months |
Hijack Execution Flow: DLL Search Order Hijacking | T1574.001 | Defense Evasion [Mitre] |  |  | 1 year, 8 months |
DLL Proxying | U1240 | Process Manipulating |  |  | 1 year, 8 months |