Page values for "Ema-1015"

"Behaviors" values

Associated_Attributes
Associated_Capabilities: Defense Evasion
Aliases

"Pages" values

Name: Rootkit
Title_Icon: Behavior.png
Description

A Rootkit may have the following capabilities:

  • Hide Kernel Modules - hides the usage of any kernel modules by the malware instance.
  • Hide Services - hides any system services that the malware instance creates or injects itself into.
  • Hide Threads - hides one or more threads that belong to the malware instance.
  • Hide Userspace Libraries - hides the usage of userspace libraries by the malware instance.
  • Prevent API Unhooking - prevents the API hooks installed by the malware instance from being removed.
  • Prevent Registry Access - prevents access to the Windows registry, including to the entire registry and/or to particular registry keys/values.
  • Prevent Registry Deletion - prevents Windows registry keys and/or values associated with the malware instance from being deleted from a system.
  • Prevent File Access - prevents access to the file system, including to specific files and/or directories associated with the malware instance.
  • Prevent File Deletion - prevents files and/or directories associated with the malware instance from being deleted from a system.
  • Prevent Memory Access - prevents access to system memory where the malware instance may be storing code or data.
  • Prevent Native API Hooking - prevents other software from hooking native system APIs.

"Associations" values

Association_Type: Capability
Associated_Page: Defense Evasion