Technique List

Technique Name Technique ID's Categories Snippet(s) Rules(s) OS Creation Date
Unloading Sysmon Driver U0407 Anti-Monitoring 2 years, 9 months
Shellcode Injection via CreateThreadpoolWait U1236 Process Manipulating 2 years, 9 months
Thwarting Stack-Frame Analysis U0219 Anti-Disassembly 2 years, 10 months
Misusing Structured Exception Handlers U0218 B0032.016 Anti-Disassembly 2 years, 10 months
ProcEnvInjection - Remote code injection by abusing process environment strings U1235 Process Manipulating 2 years, 10 months
Disabling Event Tracing for Windows (ETW) U0306 Anti-Forensic 2 years, 11 months
Anti-UPX Unpacking U1008 Others 3 years
Volume Shadow Copy Service (VSC,VSS) Deletion U0305 T1070.004 Anti-Forensic, Defense Evasion [Mitre] 3 years, 1 month
User Interaction (Are you human?) U1339 E1204 Sandbox Evasion 3 years, 8 months
Access Token Manipulation: Parent PID Spoofing U1234 T1134.004 Process Manipulating, Defense Evasion [Mitre] 3 years, 8 months
Killing Windows Event Log U0304 Anti-Forensic 3 years, 8 months
Process Ghosting U1232 Process Manipulating 3 years, 10 months
Process Herpaderping U1231 Process Manipulating 3 years, 10 months
LocalSize(0) U0128 Anti-Debugging 3 years, 11 months
Detecting Online Sandbox U1338 Sandbox Evasion 4 years, 1 month
File Melt U1007 Others 4 years, 1 month
Execution Guardrails: Environmental Keying T1480.001 Defense Evasion [Mitre] 4 years, 5 months
Indicator Removal: Timestomp U0303 T1070.006 Anti-Forensic, Defense Evasion [Mitre] 4 years, 5 months
Debug Registers, Hardware Breakpoints U0127 B0001.005 Anti-Debugging 4 years, 5 months
Anti Yara Rules U1001 Others 4 years, 5 months
Breaking BaDDEr U1201 Process Manipulating 4 years, 5 months
DNS API Injection U1202 Process Manipulating 4 years, 5 months
CLIPBRDWNDCLASS U1203 Process Manipulating 4 years, 6 months
WordWarping U1204 Process Manipulating 4 years, 6 months
EditWordBreakProc U1229 Process Manipulating 4 years, 6 months
OLEUM U1206 Process Manipulating 4 years, 6 months
Listplanting U1207 Process Manipulating 4 years, 6 months
Treepoline U1208 Process Manipulating 4 years, 6 months
ConsoleWindowClass U1209 Process Manipulating 4 years, 6 months
Bypass User Account Control T1548.002 Defense Evasion [Mitre] 4 years, 6 months
Filter
Clear