
Technique List
Technique Name | Technique ID's | Categories | Has Snippet(s) | Has Rules(s) | Creation Date |
---|---|---|---|---|---|
NTFS Files Attributes | U0501 | Antivirus/EDR Evasion | 4 years | ||
Hiding Mechanisms | U1003 | Others | 4 years | ||
Wiping or Encrypting | U0301 | Anti-Forensic | 4 years | ||
Indicator Removal: Clear Windows Event Logs | T1070.001 U0302 | Defense Evasion [Mitre], Anti-Forensic | 4 years | ||
Kill Process | U0403 | Anti-Monitoring | 4 years | ||
Opaque Predicate | U0201 B0032.019 | Anti-Disassembly | 4 years | ||
Code Transposition | U0202 | Anti-Disassembly | 4 years | ||
Register Reassignment | U0203 | Anti-Disassembly | 4 years | ||
Inserting Garbage Bytes | U0204 B0032.007 | Anti-Disassembly | 4 years | ||
Call Trick | U0205 | Anti-Disassembly | 4 years | ||
NOP Sled | U0206 | Anti-Disassembly | 4 years | ||
Inline Hooking | U1211 F0015.002 | Process Manipulating | 4 years | ||
LOLbins | U1004 | Others | 4 years | ||
COM Hijacking | U1212 | Process Manipulating | 4 years | ||
Ctrl+Inject | U1213 | Process Manipulating | 4 years | ||
Propagate | U1214 | Process Manipulating | 4 years | ||
Process Doppelgänging | U1215 | Process Manipulating | 4 years | ||
PE Injection | U1216 E1055.002 | Process Manipulating | 4 years | ||
IAT Hooking | U1217 F0015.003 | Process Manipulating | 4 years | ||
Injection using Shims | U1218 E1055.m03 | Process Manipulating | 4 years | ||
Extra Window Memory Injection | U1219 E1055.011 | Process Manipulating | 4 years | ||
Atom Bombing | U1220 | Process Manipulating | 4 years | ||
APC injection | U1221 E1055.004 | Process Manipulating | 4 years | ||
Image File Execution Options Injection | U1222 | Process Manipulating | 4 years | ||
Thread Execution Hijacking | U1223 E1055.003 | Process Manipulating | 4 years | ||
Reflective DLL injection | U1224 | Process Manipulating | 4 years | ||
SuspendThread | U0101 C0055 | Anti-Debugging | 4 years | ||
Guard Pages | U0102 B0006.006 | Anti-Debugging | 4 years | ||
NtSetDebugFilterState | U0103 | Anti-Debugging | 4 years | ||
Code Cave | U0502 | Antivirus/EDR Evasion | 4 years |