All public logs

Jump to navigation Jump to search

Combined display of all available logs of ema. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)
  • 12:18, 23 September 2018 Dbeck talk contribs deleted page Ema-1208 (content was: "{{Behavior |Name=persist after os changes |Description=The 'persist after os changes' Behavior continues the execution of the malware instance after the operating system under which it is executing is modified, such as being installed or...")
  • 12:18, 23 September 2018 Dbeck talk contribs deleted page Ema-1070 (content was: "{{Behavior Instance |Associated Behavior=Ema-1208 |Name=UEFI Bootloader Injection |Description=Mac's UEFI bootloader can be exploit...", and the only contributor was "Cicalese" (talk))
  • 11:10, 16 September 2018 Dbeck talk contribs deleted page Ema-1178 (covered by Premium SMS Tool Fraud (Mobile ATT&CK))
  • 12:04, 7 September 2018 Dbeck talk contribs deleted page Ema-1241 (this is too close to definition of c2)
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1238 (moved into 'c2 host communication')
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1237 (moved into 'c2 host communication')
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1124 (moved into 'c2 host communication')
  • 11:45, 7 September 2018 Dbeck talk contribs deleted page Ema-1123 (moved into 'c2 host communication')
  • 10:41, 2 September 2018 Dbeck talk contribs deleted page Ema-1121 (content was: "{{Behavior |Name=fingerprint host |Description=The 'fingerprint host' Behavior creates a unique fingerprint for the system on which the malware instance is executing, e.g., based on the applications that are installed on the system. |Ass...")
  • 10:40, 2 September 2018 Dbeck talk contribs deleted page Ema-1096 (content was: "{{Behavior Instance |Associated Behavior=Ema-1121 |Name=OpCode Frequency Distribution |Description=Needs to be revisited |Supporting Details= |Code Snippets= |References={{Reference |URL=https://www.blackhat.com/presentations/bh-usa-06/B...")
  • 17:30, 1 September 2018 Dbeck talk contribs deleted page Ema-1172 (covered by inhibit memory dumping)
  • 13:17, 31 August 2018 Dbeck talk contribs deleted page Ema-1047 (content was: "{{Behavior |Name=virtualize packer |Description=Virtualizes [part of] packer stub code. This is a general category of anti-analysis and may...", and the only contributor was "Dbeck" (talk))
  • 13:07, 31 August 2018 Dbeck talk contribs deleted page Ema-1034 (covered by ATT&CK Process Injection)
  • 18:29, 30 August 2018 Dbeck talk contribs deleted page Ema-1050 (content was: "{{Behavior |Name=tool limitation |Description=Prevent the use of a tool via a specific limitation. This is a general category of anti-analysis and may refer to any number of techniques. |Associated Capabilities=Ema-1010,Ema-1026 }}")
  • 18:27, 30 August 2018 Dbeck talk contribs restored page Ema-1050 (6 revisions)
  • 18:27, 30 August 2018 Dbeck talk contribs deleted page Ema-1154 (content was: "{{Behavior |Name=block security websites |Description=The 'block security websites' Behavior prevents access from the system on which the malware instance is executing to one or more security vendor or security-related websites. |Associa...")
  • 18:27, 30 August 2018 Dbeck talk contribs restored page Ema-1154 (6 revisions)
  • 18:26, 30 August 2018 Dbeck talk contribs deleted page embedded file hooking (covered by ATT&CK Hooking)
  • 18:26, 30 August 2018 Dbeck talk contribs restored page embedded file hooking (6 revisions)
  • 18:07, 30 August 2018 Dbeck talk contribs deleted page embedded file hooking (covered by ATT&CK Hooking)
(newest | oldest) View ( | ) (20 | 50 | 100 | 250 | 500)