All public logs

Jump to navigation Jump to search

Combined display of all available logs of ema. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
(newest | oldest) View (newer 20 | ) (20 | 50 | 100 | 250 | 500)
  • 16:07, 30 September 2020 127.0.0.1 talk created page smw/schema:Group:Exif special properties (Semantic Extra Special Properties import)
  • 16:07, 30 September 2020 127.0.0.1 talk created page smw/schema:Group:Extra special properties (Semantic Extra Special Properties import)
  • 16:07, 30 September 2020 127.0.0.1 talk created page smw/schema:Group:Schema properties (Semantic MediaWiki group import)
  • 20:01, 14 November 2018 Dbeck talk contribs deleted page c2 communication (content was: "{{Behavior |Name=code insertion |Description=Inserting code to impede disassembly. '''Examples:''' * Dead Code Insertion: Inclusion of "dead" code in the malware instance with no real functionality but with the intent of impeding disas...")
  • 12:40, 22 October 2018 Dbeck talk contribs restored page & Generate Fraudulent Advertising Revenue (mobile) (10 revisions)
  • 12:16, 18 October 2018 Dbeck talk contribs deleted page Ema-1226 (content was: "{{Behavior |Name=prevent native API hooking |Description=The 'prevent native api hooking' Behavior prevents other software from hooking native system APIs. |Associated Capabilities=Ema-1028 }}")
  • 12:12, 18 October 2018 Dbeck talk contribs deleted page Ema-1183 (content was: "{{Behavior |Name=prevent memory access |Description=The 'prevent memory access' Behavior prevents access to system memory where the malware instance may be storing code or data. |Associated Capabilities=Ema-1028 }}")
  • 11:53, 18 October 2018 Dbeck talk contribs deleted page Ema-1182 (content was: "{{Behavior |Name=prevent registry deletion |Description=The 'prevent registry deletion' Behavior prevent Windows registry keys and/or values associated with the malware instance from being deleted from a system. |Associated Capabilities=...")
  • 11:50, 18 October 2018 Dbeck talk contribs deleted page Ema-1185 (content was: "{{Behavior |Name=prevent registry access |Description=The 'prevent registry access' Behavior prevents access to the Windows registry, including to the entire registry and/or to particular registry keys/values. |Associated Capabilities=Em...")
  • 11:48, 18 October 2018 Dbeck talk contribs deleted page Ema-1181 (content was: "{{Behavior |Name=prevent file deletion |Description=The 'prevent file deletion' Behavior prevents files and/or directories associated with the malware instance from being deleted from a system. |Associated Capabilities=Ema-1028 }}")
  • 11:47, 18 October 2018 Dbeck talk contribs deleted page Ema-1184 (content was: "{{Behavior |Name=prevent file access |Description=The 'prevent file access' Behavior prevents access to the file system, including to specific files and/or directories associated with the malware instance. |Associated Capabilities=Ema-10...")
  • 11:46, 18 October 2018 Dbeck talk contribs deleted page Ema-1180 (content was: "{{Behavior |Name=prevent API unhooking |Description=The 'prevent api unhooking' Behavior prevent the API hooks installed by the malware instance from being removed. |Associated Capabilities=Ema-1028 }}")
  • 11:42, 18 October 2018 Dbeck talk contribs deleted page Ema-1222 (content was: "{{Behavior |Name=hide userspace libraries: Rootkit |Description=The 'hide userspace libraries' Behavior hides the usage of userspace libraries by the malware instance. |Associated Capabilities=Ema-1028 }}")
  • 11:42, 18 October 2018 Dbeck talk contribs deleted page Ema-1218 (content was: "{{Behavior |Name=hide threads: Rootkit |Description=The 'hide threads' Behavior hides one or more threads that belong to the malware instance. |Associated Capabilities=Ema-1028 }}")
  • 11:42, 18 October 2018 Dbeck talk contribs deleted page Ema-1219 (content was: "{{Behavior |Name=hide services: Rootkit |Description=The 'hide services' Behavior hides any system services that the malware instance creates or injects itself into. |Associated Capabilities=Ema-1028 }}")
  • 11:40, 18 October 2018 Dbeck talk contribs deleted page Ema-1149 (content was: "{{Behavior |Name=disable system file overwrite protection: Disabling Security Tools |Description=The ‘disable system file overwrite protection’ Behavior disables system file overwrite protection mechanisms such as Windows file protec...")
  • 16:54, 17 October 2018 Dbeck talk contribs deleted page Ema-1223 (content was: "{{Behavior |Name=execute stealthy code |Description=The 'execute stealthy code' Behavior executes some or all of the code of the malware instance in a hidden manner (e.g., by injecting it into a benign process). |Associated Capabilities=...")
  • 16:52, 17 October 2018 Dbeck talk contribs deleted page Ema-1252 (content was: "{{Behavior |Name=evade static heuristic |Description=Some AV can be easily fool by analyzing it. For example, an heuristic engine can try to figure out if a file are using a dual extension (e.g: invoice.doc.exe) and determine the file as...")
  • 16:15, 14 October 2018 Dbeck talk contribs deleted page Ema-1134 (content was: "{{Behavior |Name=log activity |Description=The 'log activity' Behavior logs the activity of the malware instance. |Associated Capabilities=Ema-1011 |References= }}")
  • 15:57, 14 October 2018 Dbeck talk contribs deleted page Ema-1209 (content was: "{{Behavior |Name=persist after system reboot |Description=The 'persist after system reboot' Behavior continues the execution of the malware instance after a system reboot. |Associated Attributes=Attribute:27 |Associated Capabilities=Ema-...")
(newest | oldest) View (newer 20 | ) (20 | 50 | 100 | 250 | 500)