Common Information
| Type | Value |
|---|---|
| Value | Hooking - T1617 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may utilize hooking to hide the presence of artifacts associated with their behaviors to evade detection. Hooking can be used to modify return values or data structures of system APIs and function calls. This process typically involves using 3rd party root frameworks, such as Xposed or Magisk, with either a system exploit or pre-existing root access. By including custom modules for root frameworks, adversaries can hook system APIs and alter the return value and/or system data structures to alter functionality/visibility of various aspects of the system. |
| Details | CTI | Published | Attributes | Title |
|---|---|---|---|---|
| Details | Website | 2024-09-05 | 18 | Lumma Malware |
| Details | Website | 2024-09-05 | 3 | Attack Surface [Guest Diary] - SANS Internet Storm Center |
| Details | Website | 2024-09-05 | 3 | Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger |
| Details | Website | 2024-09-05 | 7 | Analysis of Evolving Evasion Tradecraft in Contemporary Malware and Command-and-Control Frameworks |
| Details | Website | 2024-09-04 | 2 | Deploying Rust in Existing Firmware Codebases |
| Details | Website | 2024-08-31 | 12 | InsecureBankv2 Pentest Report |
| Details | Website | 2024-08-29 | 7 | Live Patching DLLs with Python - SANS Internet Storm Center |
| Details | Website | 2024-08-28 | 9 | Attacking Android Malware with Frida |
| Details | Website | 2024-08-27 | 10 | Taking the Crossroads: The Versa Director Zero-Day Exploitation - Lumen |
| Details | Website | 2024-08-19 | 6 | Technical Analysis: CVE-2024-38021 |
| Details | Website | 2024-08-18 | 0 | Pet Lovers Deploys 100-site SD-WAN, Eliminates Firewalls with Cato Cloud |
| Details | Website | 2024-08-15 | 85 | Tusk campaign uses infostealers and clippers for financial gain |
| Details | Website | 2024-08-09 | 0 | Tech Analysis: CrowdStrike's Kernel Access and Security Architecture |
| Details | Website | 2024-07-25 | 33 | Thread Name-Calling - using Thread Name for offense - Check Point Research |
| Details | Website | 2024-07-18 | 26 | HotPage: Story of a signed, vulnerable, ad-injecting driver |
| Details | Website | 2024-07-01 | 62 | Kimsuky deploys TRANSLATEXT to target South Korean academia |
| Details | Website | 2024-06-20 | 67 | Android app packet-capture scenarios explained |
| Details | Website | 2024-06-18 | 1 | New Diamorphine rootkit variant seen undetected in the wild - Avast Threat Labs |
| Details | Website | 2024-06-18 | 30 | Cloaked and Covert: Uncovering UNC3886 Espionage Operations - Google Cloud Blog |
| Details | Website | 2024-06-03 | 16 | Unveiling Sharp Panda's New Loader - Securite360 |
| Details | Website | 2024-05-30 | 11 | Protecting your devices from information theft - Elastic Security Labs |
| Details | Website | 2024-05-30 | 11 | Protecting devices from information theft (Japanese edition) - Elastic Security Labs |
| Details | Website | 2024-05-09 | 10 | Emulation with Qiling - LRQA Nettitude Labs |
| Details | Website | 2024-05-06 | 27 | HijackLoader Updates |