Common Information
Type | Value |
---|---|
Value | Disabling Security Tools - T1089 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security scanning or event reporting. Detection: Monitor processes and command-line arguments to see if security tools are killed or stop running. Monitor Registry edits for modifications to services and startup programs that correspond to security tools. Lack of log or event file reporting may be suspicious. Platforms: Linux, macOS, Windows. Data Sources: API monitoring, Anti-virus, File monitoring, Services, Windows Registry, Process command-line parameters. Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems, Signature-based detection, Log analysis. |
Type | Published | Attributes | Title |
---|---|---|---|
Website | 2025-03-11 | 12 | 5 Common Evasion Techniques in Malware - ANY.RUN's Cybersecurity Blog |
Website | 2025-03-10 | 57 | Threat Intelligence Report Mar 4th – Mar 10th, 2025 |
Website | 2025-03-03 | 31 | Resecurity \| DragonForce Ransomware - Reverse Engineering Report |
Website | 2025-02-24 | 172 | Black Basta Playbook Chat Leak |
Website | 2025-02-18 | 38 | RansomHub: Analyzing the TTPs of One of the Most Notorious Ransomware Variants of 2024 |
Website | 2025-02-17 | 21 | Threat Intelligence Report February 11 - February 17 2025 \| Red Piranha |
Website | 2025-02-10 | 29 | Threat Intelligence Report Feb 4th – Feb 10th, 2025 |
Website | 2025-02-07 | 2 | Outpacing Ransomware: Proactive Prevention Strategies |
Website | 2025-02-06 | 8 | Lazarus Group Targets Bitdefender Researcher with LinkedIn Job Scam |
Website | 2025-02-04 | 10 | Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam |
Website | 2025-01-20 | 4 | Pumakit - Sophisticated Linux Rootkit That Persist Even After Reboots |
Website | 2025-01-16 | 13 | Pumakit: A Sophisticated Linux Rootkit Targeting Critical Infrastructure - SOCRadar® Cyber Intelligence Inc. |
Website | 2025-01-08 | 0 | How to Defend Against the Three Most Dangerous Cybersecurity Attacks |
Website | 2025-01-06 | 25 | Threat Intelligence Report December 31 2024 - January 6 2025 \| Red Piranha |
Website | 2024-12-30 | 25 | Threat Intelligence Report December 24th – December 30th, 2024 |
Website | 2024-12-03 | 17 | Mastering Advanced Evasion Techniques: An In-Depth Guide to Understanding and Mitigating… |
Website | 2024-10-18 | 56 | Vietnamese Threat Actor’s Multi-Layered Strategy On Digital Marketing Professionals - Cyble |
Website | 2024-09-12 | 0 | New Developer-As-A-Service In Hacking Forums Empowering Phishing And Cyberattacks |
Website | 2024-09-10 | 56 | Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries |
Website | 2024-09-02 | 0 | Understanding the Crown Jewels of an Organization: Safeguarding What Matters Most ……! |
Website | 2024-09-01 | 2 | SCENARIO: Exploitation of ScreenConnect Authentication Bypass Vulnerability (CVE-2024–1709 &… |
Website | 2024-08-30 | 6 | Critical Advisory On RansomHub Ransomware - Cyble |
Website | 2024-08-12 | 3 | BlackCat Ransomware |
Website | 2024-07-15 | 54 | Security's Achilles' Heel: Vulnerable Drivers on the Prowl |
Website | 2023-06-29 | 12 | Malware Analysis - medusalocker - f6f120d1262b88f79debb5d848ac7db9 - RedPacket Security |