| Name | Entry Type | Related Entry / Category |
| --- | --- | --- |
| Screen Resolution Testing | Behavior | sandbox detect & evade |
| Effects | Attribute | erasure scope |
| Self Debugging | Behavior | debugger prevention |
| & Obfuscated Files or Information | Capability | Anti-Static Analysis |
| + analysis tool discovery | Capability | Discovery |
| Timing/Up-time Check | Behavior | debugger detect & evade |
| Timing/Date Checks | Behavior | debugger detect & evade |
| c2 communication | Capability | Command and Control |
| Lateral Movement | Attribute | scope |
| Lateral Movement | Attribute | infection targeting |
| Lateral Movement | Attribute | autonomy |
| Lateral Movement | Attribute | targeted file type |
| Lateral Movement | Attribute | targeted file architecture type |
| Lateral Movement | Attribute | file infection type |
| Lateral Movement | Attribute | file modification type |
| Execution | Attribute | trigger type |
| & Software Packing | Capability | Anti-Static Analysis |
| Exfiltration | Attribute | targeted website |
| & Rootkit | Capability | Defense Evasion |
| Persistence | Attribute | scope |
| Command and Control | Attribute | frequency |
| Command and Control | Attribute | port number |
| Command and Control | Attribute | technique |
| Command and Control | Attribute | applicable platform |
| Command and Control | Attribute | network protocol |
| Command and Control | Attribute | encryption algorithm |
| + private api exploitation (Mobile) | Capability | Persistence |
| & Hooking | Capability | Anti-Behavioral Analysis |
| + surreptitious application installation | Capability | Persistence |
| Monitoring thread | Behavior | debugger detect & evade |
| debugger obstruction | Attribute | port number |
| debugger obstruction | Capability | Anti-Behavioral Analysis |
| Interrupt Hooking | Behavior | debugger prevention |
| sandbox prevention | Capability | Anti-Behavioral Analysis |
| + malicious network driver | Capability | Persistence |
| + windows shutdown event | Capability | Persistence |
| illusionary issues | Capability | Anti-Behavioral Analysis |
| polymorphic code | Capability | Defense Evasion |
| & Component Firmware | Capability | Persistence |
| code optimization | Capability | Anti-Static Analysis |
| resource compression | Capability | Anti-Static Analysis |
| virtualized code | Capability | Anti-Static Analysis |
| virtualized code | Capability | Anti-Behavioral Analysis |
| exploitation for analysis evasion | Capability | Anti-Behavioral Analysis |
| Product Key/ID Testing | Behavior | sandbox detect & evade |
| Injected DLL Testing | Behavior | sandbox detect & evade |
| Guest Process Testing | Behavior | virtual machine detect & evade |
| HTML5 Performance Object | Behavior | virtual machine detect & evade |
| Named System Object Checks | Behavior | virtual machine detect & evade |
| CryptoAPI | Behavior | & Encrypt Files for Ransom (mobile) |
| Process Environment Block (PEB) | Behavior | debugger detect & evade |
| API Call: IsDebuggerPresent | Behavior | debugger detect & evade |
| Control Graph Flattening | Behavior | linear disassembler prevention |
| & Encrypt Files for Ransom (mobile) | Attribute | technique |
| & Encrypt Files for Ransom (mobile) | Attribute | applicable platform |
| & Encrypt Files for Ransom (mobile) | Attribute | encryption algorithm |
| & Encrypt Files for Ransom (mobile) | Capability | Effects |
| + send email | Attribute | network protocol |
| + send email | Capability | Execution |
| + manipulate network traffic | Capability | Effects |
| + compromise data integrity | Capability | Effects |
| suicide exit | Attribute | trigger type |
| suicide exit | Capability | Execution |
| + install secondary program | Capability | Execution |
| + install secondary program | Capability | Persistence |
| delete SMS warning messages | Capability | Defense Evasion |
| & Disabling Security Tools | Capability | Defense Evasion |
| memory dump obstruction | Capability | Anti-Behavioral Analysis |
| + SMTP connection discovery | Capability | Discovery |
| & Lock User Out of Device (mobile) | Capability | Effects |
| + hijack system resources | Capability | Effects |
| & Generate Fraudulent Advertising Revenue (mobile) | Capability | Effects |
| & Wipe Device Data (mobile) | Capability | Effects |
| + destroy hardware | Capability | Effects |
| secondary CPU execution | Capability | Defense Evasion |
| & Bootkit | Capability | Defense Evasion |
| flow-oriented disassembler prevention | Capability | Anti-Static Analysis |
| call graph prevention | Capability | Anti-Static Analysis |
| linear disassembler prevention | Capability | Anti-Static Analysis |
| debugger prevention | Capability | Anti-Behavioral Analysis |
| sandbox detect & evade | Attribute | technique |
| sandbox detect & evade | Attribute | applicable platform |
| sandbox detect & evade | Attribute | targeted sandbox |
| sandbox detect & evade | Capability | Anti-Behavioral Analysis |
| sandbox obstruction | Attribute | targeted sandbox |
| sandbox obstruction | Capability | Anti-Behavioral Analysis |
| virtual machine detect & evade | Attribute | technique |
| virtual machine detect & evade | Attribute | applicable platform |
| virtual machine detect & evade | Attribute | targeted VM |
| virtual machine detect & evade | Capability | Anti-Behavioral Analysis |
| domain name generation | Capability | Command and Control |
| debugger detect & evade | Attribute | technique |
| debugger detect & evade | Attribute | applicable platform |
| debugger detect & evade | Capability | Anti-Behavioral Analysis |
| code encryption | Attribute | encryption algorithm |
| prevent concurrent execution | Capability | Execution |
| emulator detect & evade | Capability | Anti-Behavioral Analysis |
| Timing/Delay Checks | Behavior | debugger detect & evade |
| Timing/Date Checks | Behavior | sandbox detect & evade |
| emulator prevention | Capability | Anti-Behavioral Analysis |