All public logs

Combined display of all available logs of ema. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
  • 08:16, 27 July 2018 Dbeck talk contribs deleted page Ema-1094 (content was: "{{Behavior Instance |Associated Behavior=Ema-1111 |Name=API Call: DeviceIoControlFile |Description=Hooking Nt/ZwDeviceIoControlFile can allow for network sniffing by inspecting the data on a network interface, through its device driver....")
  • 08:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1093 (content was: "{{Behavior Instance |Associated Behavior=Ema-1111 |Name=API Call: HttpSendRequest |Description=Hooking HttpSendRequest can allow for the sniffing of data contained inside HTTP requests, which may include web/network credentials. |Privile...")
  • 08:14, 27 July 2018 Dbeck talk contribs deleted page Ema-1106 (content was: "{{Behavior Instance |Associated Behavior=Ema-1232 |Name=API Call: TranslateMessage |Description=The capture keyboard input behavior...", and the only contributor was "Cicalese" (talk))
  • 07:53, 27 July 2018 Dbeck talk contribs deleted page Ema-1176 (content was: "{{Behavior |Name=mine for cryptocurrency |Description=The 'mine for cryptocurrency' Behavior consumes system resources for cryptocurrency (e.g., Bitcoin, Litecoin, etc.) mining. |Associated Attributes=Attribute:7 |Associated Capabilities...")
  • 07:36, 27 July 2018 Dbeck talk contribs deleted page Ema-1234 (content was: "{{Behavior |Name=detect installed analysis tools |Description=Indicates that the malware instance attempts to detect whether certain analysis tools are present on the system on which it is executing. |Associated Capabilities=Ema-1026 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page Self Debugging (content was: "{{Capability |Name=availability violation |Description=Indicates that the malware instance is able to compromise the availability of a system or some aspect of the system. |Associated Attributes=Attribute:7 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page resource compression (content was: "{{Subcapability |Name=compromise system availability |Description=Indicates that the malware instance is able to compromise the availability of the local system on which it is executing and/or one or more remote systems. |Associated Capa...")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page Ema-1040 (content was: "{{Subcapability |Name=consume system resources |Description=Indicates that the malware instance is able to consume system resources for its own purposes, such as password cracking. |Associated Capabilities=Ema-1003 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page debugger obstruction (content was: "{{Subcapability |Name=compromise data availability |Description=Indicates that the malware instance is able to compromise the availability of data on the local system on which it is executing and/or one or more remote systems. |Associate...")
  • 16:50, 17 July 2018 Dbeck talk contribs deleted page + windows shutdown event (content was: "{{Subcapability |Name=install other components |Description=Indicates that the malware instance is able to install additional components. This encompasses the dropping/downloading of other malicious components such as libraries, other ma...")
  • 16:50, 17 July 2018 Dbeck talk contribs deleted page Interrupt Hooking (content was: "{{Subcapability |Name=email spam |Description=Indicates that the malware instance is able to send spam email messages. |Associated Attributes=Attribute:5 |Associated Capabilities=Ema-1011 }}")
  • 16:29, 17 July 2018 Dbeck talk contribs deleted page c2 communication (content was: "{{Capability |Name=integrity violation |Description=Indicates that the malware instance is able to compromise the integrity of a system. }}")
  • 16:29, 17 July 2018 Dbeck talk contribs deleted page sandbox prevention (content was: "{{Subcapability |Name=data integrity violation |Description=Indicates that the malware instance is able to compromise the integrity of some data that resides on (e.g., in the case of files) or is received/transmitted (e.g., in the case o...")
  • 16:27, 17 July 2018 Dbeck talk contribs deleted page & Obfuscated Files or Information (content was: "{{Capability |Name=security degradation |Description=Indicates that the malware instance is able to bypass or disable security features and/or controls. |Associated Attributes=Attribute:17 }}")
  • 16:27, 17 July 2018 Dbeck talk contribs deleted page Ema-1034 (content was: "{{Subcapability |Name=security software degradation |Description=Indicates that the malware instance is able to bypass or disable security programs running on a system, either by stopping them from executing or by making changes to their...")
  • 16:26, 17 July 2018 Dbeck talk contribs deleted page polymorphic code (content was: "{{Subcapability |Name=service provider security feature degradation |Description=Indicates that the malware instance is able to bypass or disable mobile device service provider security features that would otherwise identify or notify us...")
  • 16:26, 17 July 2018 Dbeck talk contribs deleted page api hooking (content was: "{{Subcapability |Name=OS security feature degradation |Description=Indicates that the malware instance is able to bypass or disable operating system (OS) security mechanisms. |Associated Capabilities=Ema-1004 }}")
  • 09:33, 16 July 2018 Dbeck talk contribs deleted page + analysis tool discovery (content was: "{{Capability |Name=anti-removal |Description=Indicates that the malware instance is able to prevent itself and its components from being removed from a system. }}")
  • 09:31, 16 July 2018 Dbeck talk contribs deleted page Ema-1041 (content was: "{{Subcapability |Name=prevent artifact deletion |Description=Indicates that the malware instance is able to prevent its artifacts (e.g., files, registry keys, etc.) from being deleted. |Associated Capabilities=Ema-1005 }}")
  • 09:05, 16 July 2018 Dbeck talk contribs deleted page Ema-1042 (content was: "{{Subcapability |Name=prevent artifact access |Description=Indicates that the malware instance is able to prevent its artifacts (e.g., files, registry keys, etc.) from being accessed. |Associated Capabilities=Ema-1005 }}")
  • 02:35, 16 July 2018 Dbeck talk contribs deleted page Ema-1052 (content was: "{{Subcapability |Name=continuous execution |Description=Indicates that the malware instance is able to continue to execute on a system after significant system events, such as a system reboot. |Associated Capabilities=Ema-1016 }}")
  • 02:34, 16 July 2018 Dbeck talk contribs deleted page Ema-1053 (content was: "{{Subcapability |Name=system re-infection |Description=Indicates that the malware instance is able to re-infect a system after one or more of its components have been removed. |Associated Capabilities=Ema-1016 }}")
  • 02:32, 16 July 2018 Dbeck talk contribs deleted page exploitation for analysis evasion (content was: "{{Subcapability |Name=input peripheral capture |Description=Indicates that the malware instance is able to capture data from a system's input peripheral devices, such as a keyboard or mouse. |Associated Capabilities=Ema-1012 }}")
  • 02:30, 16 July 2018 Dbeck talk contribs deleted page Ema-1054 (content was: "{{Subcapability |Name=remote machine infection |Description=Indicates that the malware instance is able to self-propagate to a remote machine or infect a machine with malware that is different than itself. |Associated Attributes=Attribut...")
  • 02:27, 16 July 2018 Dbeck talk contribs deleted page + private api exploitation (Mobile) (content was: "{{Subcapability |Name=authentication credentials theft |Description=Indicates that the malware instance is able to steal authentication credentials. |Associated Capabilities=Ema-1014 }}")
  • 02:23, 16 July 2018 Dbeck talk contribs deleted page Ema-1059 (content was: "{{Subcapability |Name=send data to c2 server |Description=Indicates that the malware instance is able to send some data to a command and control server. |Associated Capabilities=Ema-1017 }}")
  • 02:22, 16 July 2018 Dbeck talk contribs deleted page Ema-1057 (content was: "{{Subcapability |Name=receive data from c2 server |Description=Indicates that the malware instance is able to receive some data from a command and control server. |Associated Attributes=Attribute:5 |Associated Capabilities=Ema-1017 }}")
  • 02:20, 16 July 2018 Dbeck talk contribs deleted page Ema-1056 (content was: "{{Subcapability |Name=determine c2 server |Description=Indicates that the malware instance is able to identify one or more command and control (C2) servers with which to communicate. |Associated Capabilities=Ema-1017 }}")
  • 15:17, 15 July 2018 Dbeck talk contribs deleted page Ema-1044 (content was: "{{Subcapability |Name=virtual entity destruction |Description=Indicates that the malware instance is able to destroy a virtual entity. |Associated Capabilities=Ema-1002 }}")
  • 15:16, 15 July 2018 Dbeck talk contribs deleted page Ema-1045 (content was: "{{Subcapability |Name=physical entity destruction |Description=Indicates that the malware instance is able to destroy physical entities. |Associated Capabilities=Ema-1002 }}")
  • 15:10, 15 July 2018 Dbeck talk contribs deleted page & Rootkit (content was: "{{Capability |Name=anti-static analysis |Description=Indicates that the malware instance is able to prevent static/code analysis or make it more difficult. }}")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Ema-1067 (content was: "{{Subcapability |Name=anti-debugging |Description=Indicates that the malware instance is able to prevent itself from being debugged and/or from being run in a debugger or is able to make debugging more difficult. |Associated Capabilities...")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Anti-Static Analysis (content was: "{{Capability |Name=anti-detection |Description=Indicates that the malware instance is able to prevent itself and its components from being detected on a system. }}")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Ema-1060 (content was: "{{Subcapability |Name=self-modification |Description=Indicates that the malware instance is able to modify itself. |Associated Attributes=Attribute:16 |Associated Capabilities=Ema-1010 }}")
  • 15:08, 15 July 2018 Dbeck talk contribs deleted page Ema-1064 (content was: "{{Subcapability |Name=anti-disassembly |Description=Indicates that the malware instance is able to prevent itself from being disassembled or make disassembly more difficult. |Associated Capabilities=Ema-1015 }}")
  • 15:08, 15 July 2018 Dbeck talk contribs deleted page Ema-1062 (content was: "{{Subcapability |Name=anti-memory forensics |Description=Indicates that the malware instance is able to prevent or make memory forensics more difficult. |Associated Capabilities=Ema-1015 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Ema-1061 (content was: "{{Subcapability |Name=security software evasion |Description=Indicates that the malware instance is able to evade security software (e.g., anti-virus tools). |Associated Capabilities=Ema-1010 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Ema-1058 (content was: "{{Subcapability |Name=hide executing code |Description=Indicates that the malware instance is able to hide its executing code. |Associated Capabilities=Ema-1010 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Privilege Escalation (content was: "{{Subcapability |Name=anti-virus evasion |Description=Indicates that the malware instance is able to evade detection by anti-virus tools. |Associated Capabilities=Ema-1010 |References={{Reference |URL=http://unprotect.tdgt.org/index.php/...")
  • 15:05, 15 July 2018 Dbeck talk contribs deleted page Credential Access (content was: "{{Capability |Name=anti-behavioral analysis |Description=Indicates that the malware instance is able to prevent behavioral analysis or make it more difficult. |Associated Attributes=Attribute:4, Attribute:3 |Aliases=anti-runtime analysis }}")
  • 15:03, 15 July 2018 Dbeck talk contribs deleted page Ema-1264 (content was: "{{Subcapability |Name=anti-emulation |Description=Indicates that the malware is able to prevent itself from being executed in an emulator or make the emulation process more difficult. |Associated Capabilities=Ema-1018 }}")
  • 15:02, 15 July 2018 Dbeck talk contribs deleted page Ema-1068 (content was: "{{Subcapability |Name=anti-sandbox |Description=Indicates that the malware instance is able to prevent sandbox-based behavioral analysis or make it more difficult. |Associated Attributes=Attribute:3 |Associated Capabilities=Ema-1018 }}")
  • 15:02, 15 July 2018 Dbeck talk contribs deleted page Ema-1065 (content was: "{{Subcapability |Name=anti-VM |Description=Indicates that the malware instance is able to prevent virtual machine (VM) based behavioral analysis or make it more difficult. |Associated Attributes=Attribute:4 |Associated Capabilities=Ema-1...")
  • 15:01, 15 July 2018 Dbeck talk contribs deleted page Monitoring thread (content was: "{{Subcapability |Name=environment awareness |Description=Indicates that the malware instance can fingerprint or otherwise identify the environment in which it is executing, for the purpose of altering its behavior based on this environme...")
  • 11:01, 14 May 2018 Ikirillov talk contribs deleted page Ema-1063 (content was: "{{Subcapability |Name=hide artifacts |Description=Indicates that the malware instance is able to hide its artifacts, such as files and open ports. |Associated Capabilities=Ema-1010 }}")
  • 11:00, 14 May 2018 Ikirillov talk contribs deleted page Ema-1167 (content was: "{{Behavior |Name=hide file system artifacts |Description=The 'hide file system artifacts' Behavior hides one or more file system artifacts (e.g., files and/or directories) associated with the malware instance. |Associated Capabilities=Em...")
  • 11:00, 14 May 2018 Ikirillov talk contribs deleted page Ema-1168 (content was: "{{Behavior |Name=hide network traffic |Description=The 'hide network traffic' Behavior hides network traffic associated with the malware instance. |Associated Capabilities=Ema-1063 |References= }}")
  • 10:59, 14 May 2018 Ikirillov talk contribs deleted page Ema-1170 (content was: "{{Behavior |Name=hide open network ports |Description=The 'hide open network ports' Behavior hides one or more open network ports associated with the malware instance. |Associated Capabilities=Ema-1063 |References= }}")
  • 10:59, 14 May 2018 Ikirillov talk contribs deleted page Ema-1166 (content was: "{{Behavior |Name=hide registry artifacts |Description=The 'hide registry artifacts' Behavior hides one or more Windows registry artifacts (e.g., keys and/or values) associated with the malware instance. |Associated Capabilities=Ema-1063...")
  • 10:58, 14 May 2018 Ikirillov talk contribs deleted page Ema-1169 (content was: "{{Behavior |Name=obfuscate artifact properties |Description=The 'obfuscate artifact properties' Behavior hides the properties of one or more artifacts associated with the malware instance (e.g., by altering file system timestamps). |Asso...")