Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.Īdversaries may interact with the native OS application programming interface (API) to execute behaviors.Ĭontains ability to dynamically load librariesĬontains ability to retrieve the fully qualified path of module (API string)Ĭontains ability to dynamically determine API callsĬalls an API typically used to find a resource in a moduleĬalls an API typically used to load a resource in memoryĬalls an API typically used to create a processĬontains ability to modify processes thread functionality (API string)Īdversaries may abuse the Windows command shell for execution.Īdversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence.Īdversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
0 kommentar(er)
