All indicators are available only in the private webservice or standalone version.

Source Hook Detection relevance 10/10 ATT&CK ID

"Video_Converter_TSV11MMDY.exe" wrote bytes "c2000000" to virtual address "0x70D74020" (part of module "SYSTEM.DLL")

Installs hooks/patches the running process

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

Adversaries may attempt to get a listing of open application windows.

Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.

Adversaries may target user email to collect sensitive information.

Adversaries may stage collected data in a central location or directory on the local system prior to Exfiltration.

Creates a writable file in a temporary directory

The input sample is signed with a valid certificate

Adversaries may hook into Windows application programming interface (API) functions to collect user credentials.

The input sample is signed with a certificate

Adversaries may perform software packing or virtual machine software protection to conceal their code.

Adversaries may delete files left behind by the actions of their intrusion activity.

Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.