
Technique List
Technique Name | Technique IDs | Categories | Has Snippet(s) | Has Rule(s) | Creation Date |
---|---|---|---|---|---|
CPU Counting | U1340, B0009.018 | Sandbox Evasion | | | 8 months |
Return Address Spoofing | U0518 | Antivirus/EDR Evasion | | | 8 months |
Avoiding Memory Scanners (Yara, PE-sieve...) | U1009 | Others | | | 8 months |
Domain Policy Modification: Domain Trust Modification | T1484.002 | Defense Evasion [Mitre] | | | 8 months |
Domain Policy Modification: Group Policy Modification | T1484.001 | Defense Evasion [Mitre] | | | 8 months |
Access Token Manipulation: SID-History Injection | T1134.005 | Defense Evasion [Mitre] | | | 8 months |
Access Token Manipulation: Make and Impersonate Token | T1134.003 | Defense Evasion [Mitre] | | | 8 months |
Access Token Manipulation: Create Process with Token | T1134.002 | Defense Evasion [Mitre] | | | 8 months |
Access Token Manipulation: Token Impersonation/Theft | T1134.001 | Defense Evasion [Mitre] | | | 8 months |
Homograph Attack (Punycode) | U0909 | Network Evasion | | | 8 months, 2 weeks |
Domain Fronting | U0908, T1090.004 | Defense Evasion [Mitre], Network Evasion | | | 8 months, 2 weeks |
Milfuscator | U1429 | Packers | | | 9 months, 1 week |
Dirty Vanity | U1242 | Process Manipulating | | | 9 months, 2 weeks |
Mark-Of-The-Web (MOTW) Bypass | U0517 | Antivirus/EDR Evasion | | | 11 months, 2 weeks |
Tamper DLL Export Names & GetProcAddress Spoofing | U1241 | Process Manipulating | | | 1 year, 1 month |
Hijack Execution Flow: DLL Search Order Hijacking | T1574.001 | Defense Evasion [Mitre] | | | 1 year, 2 months |
DLL Proxying | U1240 | Process Manipulating | | | 1 year, 2 months |
Change Module Base Address at Runtime | U1239 | Process Manipulating | | | 1 year, 2 months |
Change Module Name at Runtime | U1238 | Process Manipulating | | | 1 year, 2 months |
FLIRT Signatures Evasion | U0220 | Anti-Disassembly | | | 1 year, 3 months |
Windows Event Log Evasion via Native APIs | U0307 | Anti-Forensic | | | 1 year, 3 months |
Trap Flag | U0131 | Anti-Debugging | | | 1 year, 3 months |
ICE 0xF1 | U0130 | Anti-Debugging | | | 1 year, 3 months |
INT 0x2D | U0129, B0001.006 | Anti-Debugging | | | 1 year, 3 months |
BobSoft Mini Delphi Packer | U1428 | Packers | | | 1 year, 3 months |
CryptOne | U1427 | Packers | | | 1 year, 3 months |
CloudEye/DarkEye | U1426 | Packers | | | 1 year, 3 months |
NLS Code Injection Through Registry | U1237 | Process Manipulating | | | 1 year, 3 months |
DTPacker | U1416 | Packers | | | 1 year, 3 months |
PESpin | U1425 | Packers | | | 1 year, 3 months |