Technique List
| Technique Name | Technique IDs | Categories | Snippet(s) | Rule(s) | OS | Creation Date |
|---|---|---|---|---|---|---|
| Hide Artifacts: Run Virtual Instance | T1564.006 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Hide Artifacts: Hidden File System | T1564.005 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Hide Artifacts: NTFS File Attributes | T1564.004 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Hide Artifacts: Hidden Window | T1564.003 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Hide Artifacts: Hidden Users | T1564.002 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Hide Artifacts: Hidden Files and Directories | T1564.001 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Windows File and Directory Permissions Modification | T1222.001 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Domain Member | U1341 | Sandbox Evasion | | | | 2 years, 9 months |
| CPU Counting | U1340 B0009.018 | Sandbox Evasion | | | | 2 years, 9 months |
| Return Address Spoofing | U0518 | Antivirus/EDR Evasion | | | | 2 years, 9 months |
| Avoiding Memory Scanners (Yara, Pe-sieve...) | U1009 | Others | | | | 2 years, 9 months |
| Domain Policy Modification: Domain Trust Modification | T1484.002 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Domain Policy Modification: Group Policy Modification | T1484.001 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Access Token Manipulation: SID-History Injection | T1134.005 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Access Token Manipulation: Make and Impersonate Token | T1134.003 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Access Token Manipulation: Create Process with Token | T1134.002 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Access Token Manipulation: Token Impersonation/Theft | T1134.001 | Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Homograph Attack (Punycode) | U0909 | Network Evasion | | | | 2 years, 9 months |
| Domain Fronting | U0908 T1090.004 | Network Evasion, Defense Evasion [Mitre] | | | | 2 years, 9 months |
| Milfuscator | U1429 | Packers | | | | 2 years, 10 months |
| Dirty Vanity | U1242 | Process Manipulating | | | | 2 years, 10 months |
| Mark-Of-The-Web (MOTW) Bypass | U0517 | Antivirus/EDR Evasion | | | | 3 years |
| Tamper DLL Export Names & GetProcAddress Spoofing | U1241 | Process Manipulating | | | | 3 years, 2 months |
| Hijack Execution Flow: DLL Search Order Hijacking | T1574.001 | Defense Evasion [Mitre] | | | | 3 years, 3 months |
| DLL Proxying | U1240 | Process Manipulating | | | | 3 years, 3 months |
| Change Module Base Address at Runtime | U1239 | Process Manipulating | | | | 3 years, 3 months |
| Change Module Name at Runtime | U1238 | Process Manipulating | | | | 3 years, 3 months |
| FLIRT Signatures Evasion | U0220 | Anti-Disassembly | | | | 3 years, 4 months |
| Windows Event Log Evasion via Native APIs | U0307 | Anti-Forensic | | | | 3 years, 4 months |
| Trap Flag | U0131 | Anti-Debugging | | | | 3 years, 4 months |