All public logs

Combined display of all available logs of ema. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
  • 08:16, 27 July 2018 Dbeck talk contribs deleted page Ema-1094 (content was: "{{Behavior Instance |Associated Behavior=Ema-1111 |Name=API Call: DeviceIoControlFile |Description=Hooking Nt/ZwDeviceIoControlFile can allow for network sniffing by inspecting the data on a network interface, through its device driver....")
  • 08:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1093 (content was: "{{Behavior Instance |Associated Behavior=Ema-1111 |Name=API Call: HttpSendRequest |Description=Hooking HttpSendRequest can allow for the sniffing of data contained inside HTTP requests, which may include web/network credentials. |Privile...")
  • 08:14, 27 July 2018 Dbeck talk contribs deleted page Ema-1106 (content was: "{{Behavior Instance |Associated Behavior=Ema-1232 |Name=API Call: TranslateMessage |Description=The capture keyboard input behavior...", and the only contributor was "Cicalese" (talk))
  • 07:53, 27 July 2018 Dbeck talk contribs deleted page Ema-1176 (content was: "{{Behavior |Name=mine for cryptocurrency |Description=The 'mine for cryptocurrency' Behavior consumes system resources for cryptocurrency (e.g., Bitcoin, Litecoin, etc.) mining. |Associated Attributes=Attribute:7 |Associated Capabilities...")
  • 07:36, 27 July 2018 Dbeck talk contribs deleted page Ema-1234 (content was: "{{Behavior |Name=detect installed analysis tools |Description=Indicates that the malware instance attempts to detect whether certain analysis tools are present on the system on which it is executing. |Associated Capabilities=Ema-1026 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page Self Debugging (content was: "{{Capability |Name=availability violation |Description=Indicates that the malware instance is able to compromise the availability of a system or some aspect of the system. |Associated Attributes=Attribute:7 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page resource compression (content was: "{{Subcapability |Name=compromise system availability |Description=Indicates that the malware instance is able to compromise the availability of the local system on which it is executing and/or one or more remote systems. |Associated Capa...")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page Ema-1040 (content was: "{{Subcapability |Name=consume system resources |Description=Indicates that the malware instance is able to consume system resources for its own purposes, such as password cracking. |Associated Capabilities=Ema-1003 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page debugger obstruction (content was: "{{Subcapability |Name=compromise data availability |Description=Indicates that the malware instance is able to compromise the availability of data on the local system on which it is executing and/or one or more remote systems. |Associate...")
  • 16:50, 17 July 2018 Dbeck talk contribs deleted page + windows shutdown event (content was: "{{Subcapability |Name=install other components |Description=Indicates that the malware instance is able to install additional components. This encompasses the dropping/downloading of other malicious components such as libraries, other ma...")
  • 16:50, 17 July 2018 Dbeck talk contribs deleted page Interrupt Hooking (content was: "{{Subcapability |Name=email spam |Description=Indicates that the malware instance is able to send spam email messages. |Associated Attributes=Attribute:5 |Associated Capabilities=Ema-1011 }}")
  • 16:29, 17 July 2018 Dbeck talk contribs deleted page c2 communication (content was: "{{Capability |Name=integrity violation |Description=Indicates that the malware instance is able to compromise the integrity of a system. }}")
  • 16:29, 17 July 2018 Dbeck talk contribs deleted page sandbox prevention (content was: "{{Subcapability |Name=data integrity violation |Description=Indicates that the malware instance is able to compromise the integrity of some data that resides on (e.g., in the case of files) or is received/transmitted (e.g., in the case o...")
  • 16:27, 17 July 2018 Dbeck talk contribs deleted page & Obfuscated Files or Information (content was: "{{Capability |Name=security degradation |Description=Indicates that the malware instance is able to bypass or disable security features and/or controls. |Associated Attributes=Attribute:17 }}")
  • 16:27, 17 July 2018 Dbeck talk contribs deleted page Ema-1034 (content was: "{{Subcapability |Name=security software degradation |Description=Indicates that the malware instance is able to bypass or disable security programs running on a system, either by stopping them from executing or by making changes to their...")
  • 16:26, 17 July 2018 Dbeck talk contribs deleted page polymorphic code (content was: "{{Subcapability |Name=service provider security feature degradation |Description=Indicates that the malware instance is able to bypass or disable mobile device service provider security features that would otherwise identify or notify us...")
  • 16:26, 17 July 2018 Dbeck talk contribs deleted page api hooking (content was: "{{Subcapability |Name=OS security feature degradation |Description=Indicates that the malware instance is able to bypass or disable operating system (OS) security mechanisms. |Associated Capabilities=Ema-1004 }}")
  • 09:33, 16 July 2018 Dbeck talk contribs deleted page + analysis tool discovery (content was: "{{Capability |Name=anti-removal |Description=Indicates that the malware instance is able to prevent itself and its components from being removed from a system. }}")
  • 09:31, 16 July 2018 Dbeck talk contribs deleted page Ema-1041 (content was: "{{Subcapability |Name=prevent artifact deletion |Description=Indicates that the malware instance is able to prevent its artifacts (e.g., files, registry keys, etc.) from being deleted. |Associated Capabilities=Ema-1005 }}")
  • 09:05, 16 July 2018 Dbeck talk contribs deleted page Ema-1042 (content was: "{{Subcapability |Name=prevent artifact access |Description=Indicates that the malware instance is able to prevent its artifacts (e.g., files, registry keys, etc.) from being accessed. |Associated Capabilities=Ema-1005 }}")
  • 02:35, 16 July 2018 Dbeck talk contribs deleted page Ema-1052 (content was: "{{Subcapability |Name=continuous execution |Description=Indicates that the malware instance is able to continue to execute on a system after significant system events, such as a system reboot. |Associated Capabilities=Ema-1016 }}")
  • 02:34, 16 July 2018 Dbeck talk contribs deleted page Ema-1053 (content was: "{{Subcapability |Name=system re-infection |Description=Indicates that the malware instance is able to re-infect a system after one or more of its components have been removed. |Associated Capabilities=Ema-1016 }}")
  • 02:32, 16 July 2018 Dbeck talk contribs deleted page exploitation for analysis evasion (content was: "{{Subcapability |Name=input peripheral capture |Description=Indicates that the malware instance is able to capture data from a system's input peripheral devices, such as a keyboard or mouse. |Associated Capabilities=Ema-1012 }}")
  • 02:30, 16 July 2018 Dbeck talk contribs deleted page Ema-1054 (content was: "{{Subcapability |Name=remote machine infection |Description=Indicates that the malware instance is able to self-propagate to a remote machine or infect a machine with malware that is different than itself. |Associated Attributes=Attribut...")
  • 02:27, 16 July 2018 Dbeck talk contribs deleted page + private api exploitation (Mobile) (content was: "{{Subcapability |Name=authentication credentials theft |Description=Indicates that the malware instance is able to steal authentication credentials. |Associated Capabilities=Ema-1014 }}")
  • 02:23, 16 July 2018 Dbeck talk contribs deleted page Ema-1059 (content was: "{{Subcapability |Name=send data to c2 server |Description=Indicates that the malware instance is able to send some data to a command and control server. |Associated Capabilities=Ema-1017 }}")
  • 02:22, 16 July 2018 Dbeck talk contribs deleted page Ema-1057 (content was: "{{Subcapability |Name=receive data from c2 server |Description=Indicates that the malware instance is able to receive some data from a command and control server. |Associated Attributes=Attribute:5 |Associated Capabilities=Ema-1017 }}")
  • 02:20, 16 July 2018 Dbeck talk contribs deleted page Ema-1056 (content was: "{{Subcapability |Name=determine c2 server |Description=Indicates that the malware instance is able to identify one or more command and control (C2) servers with which to communicate. |Associated Capabilities=Ema-1017 }}")
  • 15:17, 15 July 2018 Dbeck talk contribs deleted page Ema-1044 (content was: "{{Subcapability |Name=virtual entity destruction |Description=Indicates that the malware instance is able to destroy a virtual entity. |Associated Capabilities=Ema-1002 }}")
  • 15:16, 15 July 2018 Dbeck talk contribs deleted page Ema-1045 (content was: "{{Subcapability |Name=physical entity destruction |Description=Indicates that the malware instance is able to destroy physical entities. |Associated Capabilities=Ema-1002 }}")
  • 15:10, 15 July 2018 Dbeck talk contribs deleted page & Rootkit (content was: "{{Capability |Name=anti-static analysis |Description=Indicates that the malware instance is able to prevent static/code analysis or make it more difficult. }}")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Ema-1067 (content was: "{{Subcapability |Name=anti-debugging |Description=Indicates that the malware instance is able to prevent itself from being debugged and/or from being run in a debugger or is able to make debugging more difficult. |Associated Capabilities...")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Anti-Static Analysis (content was: "{{Capability |Name=anti-detection |Description=Indicates that the malware instance is able to prevent itself and its components from being detected on a system. }}")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Ema-1060 (content was: "{{Subcapability |Name=self-modification |Description=Indicates that the malware instance is able to modify itself. |Associated Attributes=Attribute:16 |Associated Capabilities=Ema-1010 }}")
  • 15:08, 15 July 2018 Dbeck talk contribs deleted page Ema-1064 (content was: "{{Subcapability |Name=anti-disassembly |Description=Indicates that the malware instance is able to prevent itself from being disassembled or make disassembly more difficult. |Associated Capabilities=Ema-1015 }}")
  • 15:08, 15 July 2018 Dbeck talk contribs deleted page Ema-1062 (content was: "{{Subcapability |Name=anti-memory forensics |Description=Indicates that the malware instance is able to prevent or make memory forensics more difficult. |Associated Capabilities=Ema-1015 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Ema-1061 (content was: "{{Subcapability |Name=security software evasion |Description=Indicates that the malware instance is able to evade security software (e.g., anti-virus tools). |Associated Capabilities=Ema-1010 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Ema-1058 (content was: "{{Subcapability |Name=hide executing code |Description=Indicates that the malware instance is able to hide its executing code. |Associated Capabilities=Ema-1010 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Privilege Escalation (content was: "{{Subcapability |Name=anti-virus evasion |Description=Indicates that the malware instance is able to evade detection by anti-virus tools. |Associated Capabilities=Ema-1010 |References={{Reference |URL=http://unprotect.tdgt.org/index.php/...")
  • 15:05, 15 July 2018 Dbeck talk contribs deleted page Credential Access (content was: "{{Capability |Name=anti-behavioral analysis |Description=Indicates that the malware instance is able to prevent behavioral analysis or make it more difficult. |Associated Attributes=Attribute:4, Attribute:3 |Aliases=anti-runtime analysis }}")
  • 15:03, 15 July 2018 Dbeck talk contribs deleted page Ema-1264 (content was: "{{Subcapability |Name=anti-emulation |Description=Indicates that the malware is able to prevent itself from being executed in an emulator or make the emulation process more difficult. |Associated Capabilities=Ema-1018 }}")
  • 15:02, 15 July 2018 Dbeck talk contribs deleted page Ema-1068 (content was: "{{Subcapability |Name=anti-sandbox |Description=Indicates that the malware instance is able to prevent sandbox-based behavioral analysis or make it more difficult. |Associated Attributes=Attribute:3 |Associated Capabilities=Ema-1018 }}")
  • 15:02, 15 July 2018 Dbeck talk contribs deleted page Ema-1065 (content was: "{{Subcapability |Name=anti-VM |Description=Indicates that the malware instance is able to prevent virtual machine (VM) based behavioral analysis or make it more difficult. |Associated Attributes=Attribute:4 |Associated Capabilities=Ema-1...")
  • 15:01, 15 July 2018 Dbeck talk contribs deleted page Monitoring thread (content was: "{{Subcapability |Name=environment awareness |Description=Indicates that the malware instance can fingerprint or otherwise identify the environment in which it is executing, for the purpose of altering its behavior based on this environme...")
  • 11:01, 14 May 2018 Ikirillov talk contribs deleted page Ema-1063 (content was: "{{Subcapability |Name=hide artifacts |Description=Indicates that the malware instance is able to hide its artifacts, such as files and open ports. |Associated Capabilities=Ema-1010 }}")
  • 11:00, 14 May 2018 Ikirillov talk contribs deleted page Ema-1167 (content was: "{{Behavior |Name=hide file system artifacts |Description=The 'hide file system artifacts' Behavior hides one or more file system artifacts (e.g., files and/or directories) associated with the malware instance. |Associated Capabilities=Em...")
  • 11:00, 14 May 2018 Ikirillov talk contribs deleted page Ema-1168 (content was: "{{Behavior |Name=hide network traffic |Description=The 'hide network traffic' Behavior hides network traffic associated with the malware instance. |Associated Capabilities=Ema-1063 |References= }}")
  • 10:59, 14 May 2018 Ikirillov talk contribs deleted page Ema-1170 (content was: "{{Behavior |Name=hide open network ports |Description=The 'hide open network ports' Behavior hides one or more open network ports associated with the malware instance. |Associated Capabilities=Ema-1063 |References= }}")
  • 10:59, 14 May 2018 Ikirillov talk contribs deleted page Ema-1166 (content was: "{{Behavior |Name=hide registry artifacts |Description=The 'hide registry artifacts' Behavior hides one or more Windows registry artifacts (e.g., keys and/or values) associated with the malware instance. |Associated Capabilities=Ema-1063...")
  • 10:58, 14 May 2018 Ikirillov talk contribs deleted page Ema-1169 (content was: "{{Behavior |Name=obfuscate artifact properties |Description=The 'obfuscate artifact properties' Behavior hides the properties of one or more artifacts associated with the malware instance (e.g., by altering file system timestamps). |Asso...")
  • 12:35, 25 April 2018 Ikirillov talk contribs deleted page Ema-1242 (content was: "{{Behavior |Name=validate data |Description=The 'validate data' Behavior validates the integrity of data received from a command and control server. |Associated Capabilities=Ema-1057 |References= }}")
  • 12:34, 25 April 2018 Ikirillov talk contribs deleted page illusionary issues (content was: "{{Subcapability |Name=clean traces of infection |Description=Indicates that the malware instance is able to clean traces of its infection (e.g., file system artifacts) from a system. |Associated Capabilities=Ema-1011 }}")
  • 12:33, 25 April 2018 Ikirillov talk contribs deleted page Ema-1139 (content was: "{{Behavior |Name=remove self |Description=The 'remove self' Behavior removes the malware instance from the system on which it is executing. |Associated Capabilities=Ema-1031 |References= }}")
  • 12:25, 25 April 2018 Ikirillov talk contribs deleted page Ema-1140 (content was: "{{Behavior |Name=remove system artifacts |Description=The 'remove system artifacts' Behavior removes artifacts associated with the malware instance (e.g., files, directories, Windows registry keys, etc.) from the system on which it is ex...")
  • 12:18, 25 April 2018 Ikirillov talk contribs deleted page Ema-1108 (content was: "{{Behavior |Name=steal browser cookies |Description=The 'steal browser cookies' Behavior steals one or more browser cookies stored on the system on which the malware instance is executing. |Associated Capabilities=Ema-1020 |References={{...")
  • 12:17, 25 April 2018 Ikirillov talk contribs deleted page Ema-1107 (content was: "{{Behavior |Name=steal digital certificates |Description=The 'steal digital certificates' Behavior steals one or more digital private keys that may be present on the system on which the malware instance is executing, to then use to hijac...")
  • 12:16, 25 April 2018 Ikirillov talk contribs deleted page Ema-1110 (content was: "{{Behavior |Name=steal password hashes |Description=The 'steal password hashes' Behavior steals password hashes. |Associated Capabilities=Ema-1020 |References= }}")
  • 12:16, 25 April 2018 Ikirillov talk contribs deleted page Ema-1109 (content was: "{{Behavior |Name=steal PKI key |Description=The 'steal PKI key' Behavior steals one or more public key infrastructure (PKI) keys. |Associated Capabilities=Ema-1020 |References= }}")
  • 11:27, 25 April 2018 Ikirillov talk contribs deleted page & Hooking (content was: "{{Subcapability |Name=stored information theft |Description=Indicates that the malware instance is able to steal information stored on a system (e.g., files). |Associated Capabilities=Ema-1014 }}")
  • 11:26, 25 April 2018 Ikirillov talk contribs deleted page Ema-1118 (content was: "{{Behavior |Name=steal cryptocurrency data |Description=The 'steal cryptocurrency data' Behavior steals cryptocurrency data that may be stored on a system (e.g., Bitcoin wallets). |Associated Capabilities=Ema-1021 |References= }}")
  • 11:25, 25 April 2018 Ikirillov talk contribs deleted page Ema-1119 (content was: "{{Behavior |Name=steal database content |Description=The 'steal database content' Behavior steals content from a database that the malware instance may be able to access. |Associated Capabilities=Ema-1021 |References= }}")
  • 11:25, 25 April 2018 Ikirillov talk contribs deleted page Ema-1250 (content was: "{{Behavior |Name=steal documents |Description=The 'steal documents' Behavior steals document files (e.g., PDF) stored on a system. |Associated Capabilities=Ema-1021 |References= }}")
  • 11:25, 25 April 2018 Ikirillov talk contribs deleted page Ema-1117 (content was: "{{Behavior |Name=steal images |Description=The 'steal images' Behavior steals image files that may be stored on a system. |Associated Capabilities=Ema-1021 |References= }}")
  • 11:24, 25 April 2018 Ikirillov talk contribs deleted page Ema-1249 (content was: "{{Behavior |Name=steal serial numbers |Description=The 'steal serial numbers' Behavior steals serial numbers stored on a system. |Associated Capabilities=Ema-1021 |References= }}")
  • 11:24, 25 April 2018 Ikirillov talk contribs deleted page + surreptitious application installation (content was: "{{Subcapability |Name=user data theft |Description=Indicates that the malware instance is able to steal data associated with one or more users (e.g., browser history). |Associated Capabilities=Ema-1014 }}")
  • 11:24, 25 April 2018 Ikirillov talk contribs deleted page Ema-1248 (content was: "{{Behavior |Name=steal browser cache |Description=The 'steal browser cache' Behavior steals a user's browser cache. |Associated Attributes=Attribute:8 |Associated Capabilities=Ema-1022 |References= }}")
  • 11:23, 25 April 2018 Ikirillov talk contribs deleted page Ema-1114 (content was: "{{Behavior |Name=steal browser history |Description=The 'steal browser history' Behavior steals a user's browser history. |Associated Capabilities=Ema-1022 |References= }}")
  • 11:23, 25 April 2018 Ikirillov talk contribs deleted page Ema-1112 (content was: "{{Behavior |Name=steal contact list data |Description=The 'steal contact list data' Behavior steals a user's contact list. |Associated Capabilities=Ema-1022 |References={{Reference |Date=2015/02/06 |Malware Family=XAgent |URL=http://www....")
  • 11:23, 25 April 2018 Ikirillov talk contribs deleted page Ema-1116 (content was: "{{Behavior |Name=steal dialed phone numbers |Description=The 'steal dialed phone numbers' Behavior steals the list of phone numbers that a user has dialed (i.e. on a mobile device). |Associated Capabilities=Ema-1022 |References= }}")
  • 11:22, 25 April 2018 Ikirillov talk contribs deleted page Ema-1251 (content was: "{{Behavior |Name=steal email data |Description=The 'steal email data' Behavior steals a user's email data. |Associated Attributes=Attribute:8, Attribute:9 |Associated Capabilities=Ema-1022 |References= }}")
  • 11:22, 25 April 2018 Ikirillov talk contribs deleted page Ema-1113 (content was: "{{Behavior |Name=steal referrer URLs |Description=The 'steal referrer URLs' Behavior steals HTTP referrer information (URL of the webpage that linked to the resource being requested). |Associated Capabilities=Ema-1022 |References= }}")
  • 11:21, 25 April 2018 Ikirillov talk contribs deleted page Ema-1115 (content was: "{{Behavior |Name=steal SMS database |Description=The 'steal SMS database' Behavior steals a user's short message service (SMS) (text messaging) database (i.e. on a mobile device). |Associated Capabilities=Ema-1022 |References={{Reference...")
  • 10:59, 25 April 2018 Ikirillov talk contribs deleted page Anti-Behavioral Analysis (content was: "{{Subcapability |Name=system operational integrity violation |Description=Indicates that the malware instance is able to compromise the operational integrity of the system on which it is executing and/or one or more remote systems, e.g.,...")
  • 10:58, 25 April 2018 Ikirillov talk contribs deleted page Ema-1231 (content was: "{{Behavior |Name=detect installed anti-virus tools |Description=Indicates that the malware instance attempts to detect whether certain anti-virus tools are present on the system on which it is executing. |Associated Capabilities=Ema-1034 }}")
  • 10:58, 25 April 2018 Ikirillov talk contribs deleted page Ema-1152 (content was: "{{Behavior |Name=prevent security software from executing |Description=The 'prevent security software from executing' Behavior prevents one or more instances of security software from executing on a system. |Associated Attributes=Attribu...")
  • 10:55, 25 April 2018 Ikirillov talk contribs deleted page & Component Firmware (content was: "{{Subcapability |Name=system update degradation |Description=Indicates that the malware instance is able to disable the downloading and installation of system updates and patches. |Associated Capabilities=Ema-1004 }}")
  • 10:55, 25 April 2018 Ikirillov talk contribs deleted page Ema-1148 (content was: "{{Behavior |Name=disable update services/daemons |Description=The 'disable update services/daemons' Behavior disables system update services or daemons that may be already be running on the system on which the malware instance is executi...")
  • 10:55, 25 April 2018 Ikirillov talk contribs deleted page Ema-1150 (content was: "{{Behavior |Name=disable service pack/patch installation |Description=The 'disable service pack/patch installation' Behavior disables the system's ability to install service packs and/or patches. |Associated Capabilities=Ema-1033 |Refere...")
  • 10:53, 25 April 2018 Ikirillov talk contribs deleted page Ema-1036 (content was: "{{Subcapability |Name=access control degradation |Description=Indicates that the malware instance is able to bypass or disable access control mechanisms designed to prevent unauthorized or unprivileged use or execution of applications or...")
  • 10:53, 25 April 2018 Ikirillov talk contribs deleted page Ema-1142 (content was: "{{Behavior |Name=disable privilege limiting |Description=The 'disable privilege limiting' Behavior bypasses or disables mechanisms that limit the privileges that can be granted to a user or entity. |Associated Capabilities=Ema-1036 |Refe...")
  • 10:53, 25 April 2018 Ikirillov talk contribs deleted page Ema-1144 (content was: "{{Behavior |Name=disable firewall |Description=The ‘disable firewall’ Behavior evades or disables the host-based firewall running on the system on which the malware instance is executing. |Associated Capabilities=Ema-1036 |References...")
  • 10:52, 25 April 2018 Ikirillov talk contribs deleted page Ema-1143 (content was: "{{Behavior |Name=disable access rights checking |Description=The ‘disable access rights checking’ Behavior bypasses, disables, or modifies access tokens or access control lists, thereby enabling the malware instance to read, write, o...")
  • 15:46, 24 April 2018 Ikirillov talk contribs deleted page Ema-1055 (content was: "{{Subcapability |Name=file infection |Description=Indicates that the malware instance is able to infect one or more files. |Associated Attributes=Attribute:15, Attribute:11, Attribute:14, Attribute:13 |Associated Capabilities=Ema-1009 }}")
  • 15:46, 24 April 2018 Ikirillov talk contribs deleted page Ema-1243 (content was: "{{Behavior |Name=identify file |Description=The 'identify file' Behavior identifies one or more files on a local, removable, and/or network drive for infection. |Associated Attributes=Attribute:13,Attribute:14 |Associated Capabilities=Em...")
  • 15:45, 24 April 2018 Ikirillov talk contribs deleted page Ema-1217 (content was: "{{Behavior |Name=modify file |Description=The 'modify file' Behavior modifies a file in some other manner than writing code to it, such as packing it (in terms of binary executable packing). |Associated Attributes=Attribute:13,Attribute:...")
  • 15:45, 24 April 2018 Ikirillov talk contribs deleted page Ema-1245 (content was: "{{Behavior |Name=write code into file |Description=The 'write code into file' Behavior writes code into one or more files. |Associated Attributes=Attribute:13,Attribute:14,Attribute:15 |Associated Capabilities=Ema-1055 |References= }}")
  • 15:45, 24 April 2018 Ikirillov talk contribs deleted page Ema-1262 (content was: "{{Behavior |Name=file system instantiation |Description=Indicates that the malware instance instantiates itself on the file syst...", and the only contributor was "Ikirillov" (talk))
  • 15:44, 24 April 2018 Ikirillov talk contribs deleted page Ema-1214 (content was: "{{Behavior |Name=identify target machines |Description=The 'identify target machine(s)' Behavior identifies one or more machines to be targeted for infection via some remote means (e.g., via email or the network). |Associated Capabilitie...")
  • 15:44, 24 April 2018 Ikirillov talk contribs deleted page Ema-1215 (content was: "{{Behavior |Name=inventory victims |Description=The 'inventory victims' Behavior keeps an inventory of the victims that are remotely infected by the malware instance. |Associated Capabilities=Ema-1054 |References= }}")
  • 15:44, 24 April 2018 Ikirillov talk contribs deleted page Ema-1213 (content was: "{{Behavior |Name=social-engineering based remote infection |Description=The 'social-engineering based remote infection' Behavior infects remote machines via some method that involves social engineering (e.g., sending an email with a mali...")
  • 15:43, 24 April 2018 Ikirillov talk contribs deleted page Screen Resolution Testing (content was: "{{Capability |Name=machine access/control |Description=Indicates that the malware instance is able to access or control one or more remote machines and/or the machine on which it is executing. |Associated Attributes=Attribute:21 }}")
  • 15:43, 24 April 2018 Ikirillov talk contribs deleted page Ema-1128 (content was: "{{Behavior |Name=install backdoor |Description=The 'install backdoor' Behavior installs a backdoor on the system on which the malware instance is executing, capable of providing covert remote access to the system. |Associated Capabilitie...")
  • 15:43, 24 April 2018 Ikirillov talk contribs deleted page Defense Evasion (content was: "{{Subcapability |Name=local machine control |Description=Indicates that the malware instance is able to control the machine on which it is executing. |Associated Capabilities=Ema-1000 }}")
  • 15:43, 24 April 2018 Ikirillov talk contribs deleted page Ema-1129 (content was: "{{Behavior |Name=control local machine via remote command |Description=The 'control local machine via remote command' Behavior controls the machine on which the malware instance is executing, through one or more remotely sent commands. |...")
  • 15:42, 24 April 2018 Ikirillov talk contribs deleted page + malicious network driver (content was: "{{Subcapability |Name=remote machine access |Description=Indicates that the malware instance is able to access one or more remote machines. |Associated Capabilities=Ema-1000 }}")
  • 15:42, 24 April 2018 Ikirillov talk contribs deleted page Ema-1130 (content was: "{{Behavior |Name=compromise remote machine |Description=The 'compromise remote machine' Behavior gains control of a remote machine through compromise, e.g., by exploiting a particular vulnerability. |Associated Capabilities=Ema-1029 |Ref...")
  • 15:42, 24 April 2018 Ikirillov talk contribs deleted page Ema-1131 (content was: "{{Behavior |Name=search for remote machines |Description=The 'search for remote machines' Behavior searches for one or more remote machines to target. |Associated Capabilities=Ema-1000 |References= }}")
  • 11:20, 24 April 2018 Ikirillov talk contribs deleted page Timing/Date Checks (content was: "{{Capability |Name=data exfiltration |Description=Indicates that the malware instance is able to exfiltrate stolen data or perform tasks related to the exfiltration of stolen data. |Associated Attributes=Attribute:1, Attribute:2 }}")
  • 11:20, 24 April 2018 Ikirillov talk contribs deleted page Ema-1038 (content was: "{{Subcapability |Name=data obfuscation |Description=Indicates that the malware is able to obfuscate data that will be exfiltrated. |Associated Capabilities=Ema-1007 }}")
  • 11:19, 24 April 2018 Ikirillov talk contribs deleted page Ema-1164 (content was: "{{Behavior |Name=hide data in other formats |Description=The 'hide data in other formats' Behavior hides data that will be exfiltrated in other formats (e.g., image files). |Associated Attributes=Attribute:2 |Associated Capabilities=Ema-...")