All pages
- Duplicate Rows for Yaron
- fraud
- destruction
- availability violation
- security degradation
- anti-removal
- integrity violation
- infection/propagation
- anti-detection
- secondary operation
- spying
- data theft
- anti-code analysis
- persistence
- command and control
- anti-behavioral analysis
- anti-virus evasion
- authentication credentials theft
- environment awareness
- compromise data availability
- email spam
- data integrity violation
- install other components
- service provider security feature degradation
- security software degradation
- OS security feature degradation
- compromise system availability
- consume system resources
- prevent artifact deletion
- prevent artifact access
- virtual entity destruction
- physical entity destruction
- input peripheral capture
- continuous execution
- system re-infection
- remote machine infection
- determine c2 server
- receive data from c2 server
- hide executing code
- send data to c2 server
- self-modification
- security software evasion
- anti-memory forensics
- hide artifacts
- anti-disassembly
- anti-VM
- anti-debugging
- anti-sandbox
- API Call: getInstalledPackages
- UEFI Bootloader Injection
- Private API Exploitation
- Windows Shutdown Event
- Router Firmware Image Modification
- DYLD_INSERT_LIBRARIES Exploitation
- Launchd.conf Exploitation
- Web Injection
- Launch Daemon and Launch Agent Exploitation
- Kernel Extension (Kext) Rootkit
- Surreptitious Application Installation
- Product Key/ID Testing
- Injected DLL Testing
- Guest Process Testing
- HTML5 Performance Object
- Named System Object Checks
- API Call: HttpSendRequest
- API Call: DeviceIoControlFile
- API Call: GetVolumeInformation
- OpCode Frequency Distribution
- CryptoAPI
- API Call: restartPackage
- Process Environment Block (PEB)
- API Call: IsDebuggerPresent
- Malicious Network Driver
- Control Graph Flattening
- API Call: TranslateMessage
- steal web/network credential
- compare host fingerprints
- fingerprint host
- encrypt files
- request email address list
- request email template
- send email message
- intercept/manipulate network traffic
- manipulate file system data
- log activity
- suicide exit
- install secondary module
- install legitimate software
- install secondary malware
- remove SMS warning messages
- disable kernel patch protection
- disable OS security alerts
- disable system file overwrite protection
- stop execution of security software
- block security websites
- encrypt self
- hide registry artifacts
- hide file system artifacts
- hide network traffic
- obfuscate artifact properties
- hide open network ports
- feed misinformation during physical memory acquisition
- hide arbitrary virtual memory
- prevent physical memory acquisition
- test SMTP connection
- denial of service
- mine for cryptocurrency
- crack passwords
- access premium service
- click fraud
- prevent API unhooking
- prevent file deletion
- prevent registry deletion
- prevent memory access
- prevent file access
- prevent registry access
- erase data
- destroy hardware
- persist after os changes
- persist after system reboot
- re-instantiate self
- autonomous remote infection
- hide threads
- hide services
- hide kernel modules
- execute non-main CPU code
- hide userspace libraries
- execute stealthy code
- hide processes
- execute before/external to kernel/hypervisor
- prevent native API hooking
- defeat flow-oriented assembler
- defeat call graph generation
- defeat linear disassembler
- prevent debugging
- capture keyboard input
- detect sandbox environment
- detect installed analysis tools
- overload sandbox
- check for payload
- send beacon
- send system information
- detect VM environment
- update configuration
- control malware via remote command
- generate c2 domain name(s)
- inventory security products
- evade static heuristic
- detect debugging
- symbolic obfuscation
- interleaving code
- dead code insertion
- entry point obfuscation
- code encryption
- code compression
- import address table obfuscation
- prevent concurrent execution
- anti-emulation
- detect emulator
- Timing/Delay Checks
- Timing/Date Checks
- defeat emulator
- Undocumented Opcodes
- Guard Pages
- Instruction Overlap
- Debugger Artifacts
- Extended/Different Instruction Sets
- Unusual/Undocumented API Calls
- Extra Loops/Time Locks
