Technique List

Technique Name Technique ID's Categories Has Snippet(s) Has Rules(s) Creation Date
CPU Counting U1340 B0009.018 Sandbox Evasion 8 months
Return Address Spoofing U0518 Antivirus/EDR Evasion 8 months
Avoiding Memory Scanners (Yara, Pe-sieve...) U1009 Others 8 months
Domain Policy Modification: Domain Trust Modification T1484.002 Defense Evasion [Mitre] 8 months
Domain Policy Modification: Group Policy Modification T1484.001 Defense Evasion [Mitre] 8 months
Access Token Manipulation: SID-History Injection T1134.005 Defense Evasion [Mitre] 8 months
Access Token Manipulation: Make and Impersonate Token T1134.003 Defense Evasion [Mitre] 8 months
Access Token Manipulation: Create Process with Token T1134.002 Defense Evasion [Mitre] 8 months
Access Token Manipulation: Token Impersonation/Theft T1134.001 Defense Evasion [Mitre] 8 months
Homograph Attack (Punycode) U0909 Network Evasion 8 months, 2 weeks
Domain Fronting U0908 T1090.004 Defense Evasion [Mitre], Network Evasion 8 months, 2 weeks
Milfuscator U1429 Packers 9 months, 1 week
Dirty Vanity U1242 Process Manipulating 9 months, 2 weeks
Mark-Of-The-Web (MOTW) Bypass U0517 Antivirus/EDR Evasion 11 months, 2 weeks
Tamper DLL Export Names & GetProcAddress Spoofing U1241 Process Manipulating 1 year, 1 month
Hijack Execution Flow: DLL Search Order Hijacking T1574.001 Defense Evasion [Mitre] 1 year, 2 months
DLL Proxying U1240 Process Manipulating 1 year, 2 months
Change Module Base Address at Runtime U1239 Process Manipulating 1 year, 2 months
Change Module Name at Runtime U1238 Process Manipulating 1 year, 2 months
FLIRT Signatures Evasion U0220 Anti-Disassembly 1 year, 3 months
Windows Event Log Evasion via Native APIs U0307 Anti-Forensic 1 year, 3 months
Trap Flag U0131 Anti-Debugging 1 year, 3 months
ICE 0xF1 U0130 Anti-Debugging 1 year, 3 months
INT 0x2D U0129 B0001.006 Anti-Debugging 1 year, 3 months
BobSoft Mini Delphi Packer U1428 Packers 1 year, 3 months
CryptOne U1427 Packers 1 year, 3 months
CloudEye/DarkEye U1426 Packers 1 year, 3 months
NLS Code Injection Through Registry U1237 Process Manipulating 1 year, 3 months
DTPacker U1416 Packers 1 year, 3 months
PESpin U1425 Packers 1 year, 3 months
Filter
Clear