Technique List
Technique Name | Technique IDs | Categories | Has Snippet(s) | Has Rule(s) | Creation Date |
---|---|---|---|---|---|
XOR Operation | U0701 E1027.m02 | Data Obfuscation | | | 5 years, 1 month |
Fileless Mechanisms | U1205 B0027.001 | Process Manipulating | | | 5 years, 1 month |
DLL Injection via CreateRemoteThread and LoadLibrary | U1226 E1055.001 | Process Manipulating | | | 5 years, 1 month |
Hook Injection | U1227 E1055.m01 | Process Manipulating | | | 5 years, 1 month |
Entry Point Modification | U1228 | Process Manipulating | | | 5 years, 1 month |
Parent Process Detection | U0404 | Anti-Monitoring | | | 5 years, 1 month |
Process Camouflage, Masquerading | U1230 F0005 | Process Manipulating | | | 5 years, 1 month |
Process Hollowing, RunPE | U1225 E1055.012 | Process Manipulating | | | 5 years, 1 month |
Disassembly Desynchronization | U0207 | Anti-Disassembly | | | 5 years, 1 month |
Dynamically Computed Target Address | U0208 | Anti-Disassembly | | | 5 years, 1 month |
Opcode Obfuscation | U0209 | Anti-Disassembly | | | 5 years, 1 month |
Jump With Same Target | U0210 | Anti-Disassembly | | | 5 years, 1 month |
Impossible Disassembly | U0211 | Anti-Disassembly | | | 5 years, 1 month |
Obscuring Control Flow | U0212 | Anti-Disassembly | | | 5 years, 1 month |
Abusing the Return Pointer | U0213 | Anti-Disassembly | | | 5 years, 1 month |
Obscuring Control Flow Using Pointers | U0214 | Anti-Disassembly | | | 5 years, 1 month |
Spaghetti, Junk Code | U0215 | Anti-Disassembly | | | 5 years, 1 month |
Control Flow Graph Flattening | U0216 | Anti-Disassembly | | | 5 years, 1 month |
API Obfuscation | U0217 B0032.001 | Anti-Disassembly | | | 5 years, 1 month |
INT3 Instruction Scanning | U0105 B0001.025 | Anti-Debugging | | | 5 years, 1 month |
Interrupts | U0106 | Anti-Debugging | | | 5 years, 1 month |
Performing Code Checksum | U0107 | Anti-Debugging | | | 5 years, 1 month |
Unhandled Exception Filter | U0108 B0001.030 | Anti-Debugging | | | 5 years, 1 month |
Bad String Format | U0104 | Anti-Debugging | | | 5 years, 1 month |
TLS Callback | U0124 | Anti-Debugging | | | 5 years, 1 month |
Detecting Running Process: EnumProcess API | U0109 U0405 U1306 | Sandbox Evasion, Anti-Debugging, Anti-Monitoring | | | 5 years, 1 month |
Detecting Window with FindWindow API | U0406 U0123 | Anti-Debugging, Anti-Monitoring | | | 5 years, 1 month |
GetLocalTime, GetSystemTime, timeGetTime, NtQueryPerformanceCounter | U0110 U1308 B0001.28 | Sandbox Evasion, Anti-Debugging | | | 5 years, 1 month |
GetTickCount | U0125 B0001.032 | Anti-Debugging | | | 5 years, 1 month |
RDTSC | U0126 | Anti-Debugging | | | 5 years, 1 month |