All public logs


Combined display of all available logs of ema. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
  • 12:18, 23 September 2018 Dbeck talk contribs deleted page Ema-1208 (content was: "{{Behavior |Name=persist after os changes |Description=The 'persist after os changes' Behavior continues the execution of the malware instance after the operating system under which it is executing is modified, such as being installed or...")
  • 12:18, 23 September 2018 Dbeck talk contribs deleted page Ema-1070 (content was: "{{Behavior Instance |Associated Behavior=Ema-1208 |Name=UEFI Bootloader Injection |Description=Mac's UEFI bootloader can be exploit...", and the only contributor was "Cicalese" (talk))
  • 11:10, 16 September 2018 Dbeck talk contribs deleted page Ema-1178 (covered by Premium SMS Tool Fraud (Mobile ATT&CK))
  • 12:04, 7 September 2018 Dbeck talk contribs deleted page Ema-1241 (this is too close to definition of c2)
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1238 (moved into 'c2 host communication')
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1237 (moved into 'c2 host communication')
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1124 (moved into 'c2 host communication')
  • 11:45, 7 September 2018 Dbeck talk contribs deleted page Ema-1123 (moved into 'c2 host communication')
  • 10:41, 2 September 2018 Dbeck talk contribs deleted page Ema-1121 (content was: "{{Behavior |Name=fingerprint host |Description=The 'fingerprint host' Behavior creates a unique fingerprint for the system on which the malware instance is executing, e.g., based on the applications that are installed on the system. |Ass...")
  • 10:40, 2 September 2018 Dbeck talk contribs deleted page Ema-1096 (content was: "{{Behavior Instance |Associated Behavior=Ema-1121 |Name=OpCode Frequency Distribution |Description=Needs to be revisited |Supporting Details= |Code Snippets= |References={{Reference |URL=https://www.blackhat.com/presentations/bh-usa-06/B...")
  • 17:30, 1 September 2018 Dbeck talk contribs deleted page Ema-1172 (covered by inhibit memory dumping)
  • 13:17, 31 August 2018 Dbeck talk contribs deleted page Ema-1047 (content was: "{{Behavior |Name=virtualize packer |Description=Virtualizes [part of] packer stub code. This is a general category of anti-analysis and may...", and the only contributor was "Dbeck" (talk))
  • 13:07, 31 August 2018 Dbeck talk contribs deleted page Ema-1034 (covered by ATT&CK Process Injection)
  • 18:29, 30 August 2018 Dbeck talk contribs deleted page Ema-1050 (content was: "{{Behavior |Name=tool limitation |Description=Prevent the use of a tool via a specific limitation. This is a general category of anti-analysis and may refer to any number of techniques. |Associated Capabilities=Ema-1010,Ema-1026 }}")
  • 18:27, 30 August 2018 Dbeck talk contribs restored page Ema-1050 (6 revisions)
  • 18:27, 30 August 2018 Dbeck talk contribs deleted page Ema-1154 (content was: "{{Behavior |Name=block security websites |Description=The 'block security websites' Behavior prevents access from the system on which the malware instance is executing to one or more security vendor or security-related websites. |Associa...")
  • 18:27, 30 August 2018 Dbeck talk contribs restored page Ema-1154 (6 revisions)
  • 18:26, 30 August 2018 Dbeck talk contribs deleted page embedded file hooking (covered by ATT&CK Hooking)
  • 18:26, 30 August 2018 Dbeck talk contribs restored page embedded file hooking (6 revisions)
  • 18:07, 30 August 2018 Dbeck talk contribs deleted page embedded file hooking (covered by ATT&CK Hooking)
  • 18:04, 30 August 2018 Dbeck talk contribs deleted page Ema-1154 (covered by ATT&CK Disabling Security Tools)
  • 10:27, 30 August 2018 Dbeck talk contribs deleted page api hooking (overlaps with ATT&CK Hooking)
  • 10:26, 30 August 2018 Dbeck talk contribs deleted page Ema-1050 (overlaps with ATT&CK Disabling Security Tools)
  • 09:59, 30 August 2018 Dbeck talk contribs deleted page Ema-1224 (overlaps with ATT&CK Rootkit technique)
  • 09:56, 30 August 2018 Dbeck talk contribs restored page Ema-1224 (10 revisions)
  • 09:42, 30 August 2018 Dbeck talk contribs deleted page Ema-1224 (overlaps with ATT&CK Rootkit technique)
  • 10:53, 15 August 2018 Dbeck talk contribs deleted page Ema-1147 (content was: "{{Behavior |Name=disable OS security alerts |Description=The ‘disable OS security alerts’ Behavior disables operating system (OS) security alert messages that could lead to identification and/or notification of the presence of the ma...")
  • 10:47, 15 August 2018 Dbeck talk contribs deleted page Ema-1246 (content was: "{{Behavior |Name=inventory security products |Description=The 'inventory security products' Behavior creates an inventory of the security products installed or running on a system. |Associated Attributes=Attribute:27 |Associated Capabili...")
  • 10:47, 15 August 2018 Dbeck talk contribs deleted page Ema-1069 (content was: "{{Behavior Instance |Associated Behavior=Ema-1246 |Name=API Call: getInstalledPackages |Description=getInstalledPackages is used to get the list of installed Packages on the device, and is then compared against a list of security product...")
  • 08:53, 7 August 2018 Dbeck talk contribs deleted page Discovery (content was: "{{Capability |Name=Fraud |Description=Indicates that the malware instance is able to defraud a user or a system. }}")
  • 12:27, 27 July 2018 Dbeck talk contribs restored page hide kernel modules (10 revisions)
  • 12:25, 27 July 2018 Dbeck talk contribs deleted page hide kernel modules (content was: "{{Behavior |Name=hide kernel modules |Description=The 'hide kernel modules' Behavior hides the usage of any kernel modules by the malware instance. |Associated Attributes=Attribute:27 |Associated Capabilities=Ema-1028 }}")
  • 12:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1151 (content was: "{{Behavior |Name=stop execution of security software |Description=The 'stop execution of security program' Behavior stops the execution of one or more instances of security software that may already be executing on a system. '''Examples...")
  • 12:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1098 (content was: "{{Behavior Instance |Associated Behavior=Ema-1151 |Name=API Call: restartPackage |Description=Calling restartPackage on an already executing piece of security software can stop its execution on a device. |Privilege Level=User space |...")
  • 11:29, 27 July 2018 Dbeck talk contribs deleted page & Component Firmware (content was: "{{Behavior |Name=injection |Description=Original file is injected in existing process (nothing written to disk and possibly higher privs). |...", and the only contributor was "Dbeck" (talk))
  • 11:25, 27 July 2018 Dbeck talk contribs deleted page Ema-1171 (content was: "{{Behavior |Name=feed misinformation during physical memory acquisition |Description=The 'feed misinformation during physical memory acquisition' Behavior reports inaccurate data when the contents of the physical memory of the system on...")
  • 10:58, 27 July 2018 Dbeck talk contribs deleted page Ema-1080 (content was: "{{Behavior Instance |Associated Behavior=Ema-1216 |Name=Web Injection |Description=On Macs, unpatched versions of applications can be exploited via malicious websites. |Privilege Level=User space |Supporting Details={{Supporting Detail |...")
  • 10:55, 27 July 2018 Dbeck talk contribs restored page Ema-1080 (24 revisions)
  • 10:53, 27 July 2018 Dbeck talk contribs deleted page Ema-1080 (content was: "{{Behavior Instance |Associated Behavior=Ema-1216 |Name=Web Injection |Description=On Macs, unpatched versions of applications can be exploited via malicious websites. |Privilege Level=User space |Supporting Details={{Supporting Detail |...")
  • 10:37, 27 July 2018 Dbeck talk contribs deleted page + malicious network driver (content was: "{{Behavior |Name=merge code sections |Description=Merge all sections; just one entry in the sections table. Only affects readability slightl...", and the only contributor was "Dbeck" (talk))
  • 10:36, 27 July 2018 Dbeck talk contribs deleted page Privilege Escalation (content was: "{{Behavior |Name=interleaving code |Description=A form of obfuscation that splits code into sections that are rearranged and con...", and the only contributor was "Ikirillov" (talk))
  • 10:28, 27 July 2018 Dbeck talk contribs deleted page + private api exploitation (Mobile) (content was: "{{Behavior |Name=symbolic obfuscation |Description=The removing or renaming of textual information in the code of the malware in...", and the only contributor was "Ikirillov" (talk))
  • 10:28, 27 July 2018 Dbeck talk contribs deleted page Credential Access (content was: "{{Behavior |Name=import address table obfuscation |Description=Obfuscation of the import address table of the malware instance,...", and the only contributor was "Ikirillov" (talk))
  • 10:27, 27 July 2018 Dbeck talk contribs deleted page & Rootkit (content was: "{{Behavior |Name=entrypoint obfuscation |Description=Obfuscation of the entry point of the malware executable, in order to hinde...", and the only contributor was "Ikirillov" (talk))
  • 10:25, 27 July 2018 Dbeck talk contribs deleted page Ema-1043 (content was: "{{Behavior |Name=minification |Description=Per wikipedia, minification is 'the process of removing all unnecessary characters from source co...", and the only contributor was "Dbeck" (talk))
  • 08:46, 27 July 2018 Dbeck talk contribs deleted page Ema-1042 (content was: "{{Behavior |Name=thunk insertion |Description=Variation on “jump”; also used by some compilers for user-generated functions (ex: Visual...", and the only contributor was "Dbeck" (talk))
  • 08:43, 27 July 2018 Dbeck talk contribs deleted page Ema-1040 (content was: "{{Behavior |Name=junk code insertion |Description=Insertion of dummy code between relevant opcodes. Can make signature writing more complex....", and the only contributor was "Dbeck" (talk))
  • 08:41, 27 July 2018 Dbeck talk contribs deleted page Ema-1041 (content was: "{{Behavior |Name=jump insertion |Description=Insertion of jumps to make analysis visually harder. |Associated Capabilities=Ema-1010 }}", and the only contributor was "Dbeck" (talk))
  • 08:40, 27 July 2018 Dbeck talk contribs deleted page Ema-1045 (content was: "{{Behavior |Name=fake code insertion |Description=Add fake code similar to known packers or known goods to fool identification. Can confuse...", and the only contributor was "Dbeck" (talk))
  • 08:17, 27 July 2018 Dbeck talk contribs deleted page Ema-1111 (content was: "{{Behavior |Name=steal web/network credential |Description=The 'steal web/network credential' Behavior steals usernames, passwords, or other forms of web (e.g., for logging into a website) and/or network credentials. |Associated Attribut...")
  • 08:16, 27 July 2018 Dbeck talk contribs deleted page Ema-1094 (content was: "{{Behavior Instance |Associated Behavior=Ema-1111 |Name=API Call: DeviceIoControlFile |Description=Hooking Nt/ZwDeviceIoControlFile can allow for network sniffing by inspecting the data on a network interface, through its device driver....")
  • 08:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1093 (content was: "{{Behavior Instance |Associated Behavior=Ema-1111 |Name=API Call: HttpSendRequest |Description=Hooking HttpSendRequest can allow for the sniffing of data contained inside HTTP requests, which may include web/network credentials. |Privile...")
  • 08:14, 27 July 2018 Dbeck talk contribs deleted page Ema-1106 (content was: "{{Behavior Instance |Associated Behavior=Ema-1232 |Name=API Call: TranslateMessage |Description=The capture keyboard input behavior...", and the only contributor was "Cicalese" (talk))
  • 07:53, 27 July 2018 Dbeck talk contribs deleted page Ema-1176 (content was: "{{Behavior |Name=mine for cryptocurrency |Description=The 'mine for cryptocurrency' Behavior consumes system resources for cryptocurrency (e.g., Bitcoin, Litecoin, etc.) mining. |Associated Attributes=Attribute:7 |Associated Capabilities...")
  • 07:36, 27 July 2018 Dbeck talk contribs deleted page Ema-1234 (content was: "{{Behavior |Name=detect installed analysis tools |Description=Indicates that the malware instance attempts to detect whether certain analysis tools are present on the system on which it is executing. |Associated Capabilities=Ema-1026 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page Self Debugging (content was: "{{Capability |Name=availability violation |Description=Indicates that the malware instance is able to compromise the availability of a system or some aspect of the system. |Associated Attributes=Attribute:7 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page resource compression (content was: "{{Subcapability |Name=compromise system availability |Description=Indicates that the malware instance is able to compromise the availability of the local system on which it is executing and/or one or more remote systems. |Associated Capa...")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page Ema-1040 (content was: "{{Subcapability |Name=consume system resources |Description=Indicates that the malware instance is able to consume system resources for its own purposes, such as password cracking. |Associated Capabilities=Ema-1003 }}")
  • 16:54, 17 July 2018 Dbeck talk contribs deleted page debugger obstruction (content was: "{{Subcapability |Name=compromise data availability |Description=Indicates that the malware instance is able to compromise the availability of data on the local system on which it is executing and/or one or more remote systems. |Associate...")
  • 16:50, 17 July 2018 Dbeck talk contribs deleted page + windows shutdown event (content was: "{{Subcapability |Name=install other components |Description=Indicates that the malware instance is able to install additional components. This encompasses the dropping/downloading of other malicious components such as libraries, other ma...")
  • 16:50, 17 July 2018 Dbeck talk contribs deleted page Interrupt Hooking (content was: "{{Subcapability |Name=email spam |Description=Indicates that the malware instance is able to send spam email messages. |Associated Attributes=Attribute:5 |Associated Capabilities=Ema-1011 }}")
  • 16:29, 17 July 2018 Dbeck talk contribs deleted page c2 communication (content was: "{{Capability |Name=integrity violation |Description=Indicates that the malware instance is able to compromise the integrity of a system. }}")
  • 16:29, 17 July 2018 Dbeck talk contribs deleted page sandbox prevention (content was: "{{Subcapability |Name=data integrity violation |Description=Indicates that the malware instance is able to compromise the integrity of some data that resides on (e.g., in the case of files) or is received/transmitted (e.g., in the case o...")
  • 16:27, 17 July 2018 Dbeck talk contribs deleted page & Obfuscated Files or Information (content was: "{{Capability |Name=security degradation |Description=Indicates that the malware instance is able to bypass or disable security features and/or controls. |Associated Attributes=Attribute:17 }}")
  • 16:27, 17 July 2018 Dbeck talk contribs deleted page Ema-1034 (content was: "{{Subcapability |Name=security software degradation |Description=Indicates that the malware instance is able to bypass or disable security programs running on a system, either by stopping them from executing or by making changes to their...")
  • 16:26, 17 July 2018 Dbeck talk contribs deleted page polymorphic code (content was: "{{Subcapability |Name=service provider security feature degradation |Description=Indicates that the malware instance is able to bypass or disable mobile device service provider security features that would otherwise identify or notify us...")
  • 16:26, 17 July 2018 Dbeck talk contribs deleted page api hooking (content was: "{{Subcapability |Name=OS security feature degradation |Description=Indicates that the malware instance is able to bypass or disable operating system (OS) security mechanisms. |Associated Capabilities=Ema-1004 }}")
  • 09:33, 16 July 2018 Dbeck talk contribs deleted page + analysis tool discovery (content was: "{{Capability |Name=anti-removal |Description=Indicates that the malware instance is able to prevent itself and its components from being removed from a system. }}")
  • 09:31, 16 July 2018 Dbeck talk contribs deleted page Ema-1041 (content was: "{{Subcapability |Name=prevent artifact deletion |Description=Indicates that the malware instance is able to prevent its artifacts (e.g., files, registry keys, etc.) from being deleted. |Associated Capabilities=Ema-1005 }}")
  • 09:05, 16 July 2018 Dbeck talk contribs deleted page Ema-1042 (content was: "{{Subcapability |Name=prevent artifact access |Description=Indicates that the malware instance is able to prevent its artifacts (e.g., files, registry keys, etc.) from being accessed. |Associated Capabilities=Ema-1005 }}")
  • 02:35, 16 July 2018 Dbeck talk contribs deleted page Ema-1052 (content was: "{{Subcapability |Name=continuous execution |Description=Indicates that the malware instance is able to continue to execute on a system after significant system events, such as a system reboot. |Associated Capabilities=Ema-1016 }}")
  • 02:34, 16 July 2018 Dbeck talk contribs deleted page Ema-1053 (content was: "{{Subcapability |Name=system re-infection |Description=Indicates that the malware instance is able to re-infect a system after one or more of its components have been removed. |Associated Capabilities=Ema-1016 }}")
  • 02:32, 16 July 2018 Dbeck talk contribs deleted page exploitation for analysis evasion (content was: "{{Subcapability |Name=input peripheral capture |Description=Indicates that the malware instance is able to capture data from a system's input peripheral devices, such as a keyboard or mouse. |Associated Capabilities=Ema-1012 }}")
  • 02:30, 16 July 2018 Dbeck talk contribs deleted page Ema-1054 (content was: "{{Subcapability |Name=remote machine infection |Description=Indicates that the malware instance is able to self-propagate to a remote machine or infect a machine with malware that is different than itself. |Associated Attributes=Attribut...")
  • 02:27, 16 July 2018 Dbeck talk contribs deleted page + private api exploitation (Mobile) (content was: "{{Subcapability |Name=authentication credentials theft |Description=Indicates that the malware instance is able to steal authentication credentials. |Associated Capabilities=Ema-1014 }}")
  • 02:23, 16 July 2018 Dbeck talk contribs deleted page Ema-1059 (content was: "{{Subcapability |Name=send data to c2 server |Description=Indicates that the malware instance is able to send some data to a command and control server. |Associated Capabilities=Ema-1017 }}")
  • 02:22, 16 July 2018 Dbeck talk contribs deleted page Ema-1057 (content was: "{{Subcapability |Name=receive data from c2 server |Description=Indicates that the malware instance is able to receive some data from a command and control server. |Associated Attributes=Attribute:5 |Associated Capabilities=Ema-1017 }}")
  • 02:20, 16 July 2018 Dbeck talk contribs deleted page Ema-1056 (content was: "{{Subcapability |Name=determine c2 server |Description=Indicates that the malware instance is able to identify one or more command and control (C2) servers with which to communicate. |Associated Capabilities=Ema-1017 }}")
  • 15:17, 15 July 2018 Dbeck talk contribs deleted page Ema-1044 (content was: "{{Subcapability |Name=virtual entity destruction |Description=Indicates that the malware instance is able to destroy a virtual entity. |Associated Capabilities=Ema-1002 }}")
  • 15:16, 15 July 2018 Dbeck talk contribs deleted page Ema-1045 (content was: "{{Subcapability |Name=physical entity destruction |Description=Indicates that the malware instance is able to destroy physical entities. |Associated Capabilities=Ema-1002 }}")
  • 15:10, 15 July 2018 Dbeck talk contribs deleted page & Rootkit (content was: "{{Capability |Name=anti-static analysis |Description=Indicates that the malware instance is able to prevent static/code analysis or make it more difficult. }}")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Ema-1067 (content was: "{{Subcapability |Name=anti-debugging |Description=Indicates that the malware instance is able to prevent itself from being debugged and/or from being run in a debugger or is able to make debugging more difficult. |Associated Capabilities...")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Anti-Static Analysis (content was: "{{Capability |Name=anti-detection |Description=Indicates that the malware instance is able to prevent itself and its components from being detected on a system. }}")
  • 15:09, 15 July 2018 Dbeck talk contribs deleted page Ema-1060 (content was: "{{Subcapability |Name=self-modification |Description=Indicates that the malware instance is able to modify itself. |Associated Attributes=Attribute:16 |Associated Capabilities=Ema-1010 }}")
  • 15:08, 15 July 2018 Dbeck talk contribs deleted page Ema-1064 (content was: "{{Subcapability |Name=anti-disassembly |Description=Indicates that the malware instance is able to prevent itself from being disassembled or make disassembly more difficult. |Associated Capabilities=Ema-1015 }}")
  • 15:08, 15 July 2018 Dbeck talk contribs deleted page Ema-1062 (content was: "{{Subcapability |Name=anti-memory forensics |Description=Indicates that the malware instance is able to prevent or make memory forensics more difficult. |Associated Capabilities=Ema-1015 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Ema-1061 (content was: "{{Subcapability |Name=security software evasion |Description=Indicates that the malware instance is able to evade security software (e.g., anti-virus tools). |Associated Capabilities=Ema-1010 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Ema-1058 (content was: "{{Subcapability |Name=hide executing code |Description=Indicates that the malware instance is able to hide its executing code. |Associated Capabilities=Ema-1010 }}")
  • 15:06, 15 July 2018 Dbeck talk contribs deleted page Privilege Escalation (content was: "{{Subcapability |Name=anti-virus evasion |Description=Indicates that the malware instance is able to evade detection by anti-virus tools. |Associated Capabilities=Ema-1010 |References={{Reference |URL=http://unprotect.tdgt.org/index.php/...")
  • 15:05, 15 July 2018 Dbeck talk contribs deleted page Credential Access (content was: "{{Capability |Name=anti-behavioral analysis |Description=Indicates that the malware instance is able to prevent behavioral analysis or make it more difficult. |Associated Attributes=Attribute:4, Attribute:3 |Aliases=anti-runtime analysis }}")
  • 15:03, 15 July 2018 Dbeck talk contribs deleted page Ema-1264 (content was: "{{Subcapability |Name=anti-emulation |Description=Indicates that the malware is able to prevent itself from being executed in an emulator or make the emulation process more difficult. |Associated Capabilities=Ema-1018 }}")
  • 15:02, 15 July 2018 Dbeck talk contribs deleted page Ema-1068 (content was: "{{Subcapability |Name=anti-sandbox |Description=Indicates that the malware instance is able to prevent sandbox-based behavioral analysis or make it more difficult. |Associated Attributes=Attribute:3 |Associated Capabilities=Ema-1018 }}")
  • 15:02, 15 July 2018 Dbeck talk contribs deleted page Ema-1065 (content was: "{{Subcapability |Name=anti-VM |Description=Indicates that the malware instance is able to prevent virtual machine (VM) based behavioral analysis or make it more difficult. |Associated Attributes=Attribute:4 |Associated Capabilities=Ema-1...")
  • 15:01, 15 July 2018 Dbeck talk contribs deleted page Monitoring thread (content was: "{{Subcapability |Name=environment awareness |Description=Indicates that the malware instance can fingerprint or otherwise identify the environment in which it is executing, for the purpose of altering its behavior based on this environme...")
  • 11:01, 14 May 2018 Ikirillov talk contribs deleted page Ema-1063 (content was: "{{Subcapability |Name=hide artifacts |Description=Indicates that the malware instance is able to hide its artifacts, such as files and open ports. |Associated Capabilities=Ema-1010 }}")
  • 11:00, 14 May 2018 Ikirillov talk contribs deleted page Ema-1167 (content was: "{{Behavior |Name=hide file system artifacts |Description=The 'hide file system artifacts' Behavior hides one or more file system artifacts (e.g., files and/or directories) associated with the malware instance. |Associated Capabilities=Em...")
  • 11:00, 14 May 2018 Ikirillov talk contribs deleted page Ema-1168 (content was: "{{Behavior |Name=hide network traffic |Description=The 'hide network traffic' Behavior hides network traffic associated with the malware instance. |Associated Capabilities=Ema-1063 |References= }}")
  • 10:59, 14 May 2018 Ikirillov talk contribs deleted page Ema-1170 (content was: "{{Behavior |Name=hide open network ports |Description=The 'hide open network ports' Behavior hides one or more open network ports associated with the malware instance. |Associated Capabilities=Ema-1063 |References= }}")
  • 10:59, 14 May 2018 Ikirillov talk contribs deleted page Ema-1166 (content was: "{{Behavior |Name=hide registry artifacts |Description=The 'hide registry artifacts' Behavior hides one or more Windows registry artifacts (e.g., keys and/or values) associated with the malware instance. |Associated Capabilities=Ema-1063...")
  • 10:58, 14 May 2018 Ikirillov talk contribs deleted page Ema-1169 (content was: "{{Behavior |Name=obfuscate artifact properties |Description=The 'obfuscate artifact properties' Behavior hides the properties of one or more artifacts associated with the malware instance (e.g., by altering file system timestamps). |Asso...")