Common Information
Type Value
Value Execution Guardrails - T1480
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may use execution guardrails to constrain execution or actions based on adversary-supplied and environment-specific conditions that are expected to be present on the target. Guardrails ensure that a payload only executes against an intended target and reduce collateral damage from an adversary’s campaign.(Citation: FireEye Kevin Mandia Guardrails) Values an adversary can provide about a target system or environment to use as guardrails may include specific network share names, attached physical devices, files, joined Active Directory (AD) domains, and local/external IP addresses.(Citation: FireEye Outlook Dec 2019) Guardrails can be used to prevent exposure of capabilities in environments that are not intended to be compromised or operated within. This use of guardrails is distinct from typical [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497). While use of [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) may involve checking for known sandbox values and continuing with execution only if there is no match, the use of guardrails will involve checking for an expected target-specific value and only continuing with execution if there is such a match.
Details Published Attributes CTI Title
Details Website 2024-09-09 41 Earth Preta Evolves its Attacks with New Malware and Strategies
Details Website 2024-08-12 3 EnvyScout Dropper
Details Website 2024-08-06 15 Execution Guardrails: No One Likes Unintentional Exposure
Details Website 2024-07-25 13 SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea
Details Website 2024-07-15 88 DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
Details Website 2024-05-16 23 Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
Details Website 2024-05-15 45 To the Moon and back(doors): Lunar landing in diplomatic missions
Details Website 2024-04-11 24 Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Details Website 2024-03-26 9 Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
Details Website 2024-01-24 16 Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
Details Website 2023-10-02 2 North Korea’s Lazarus adds new LightlessCan backdoor to its arsenal
Details Website 2023-09-29 25 The Thin Line: Educational Tools vs. Malicious Threats - A Focus on The-Murk-Stealer - CYFIRMA
Details Website 2023-09-24 49 Deadglyph: a new advanced backdoor from Stealth Falcon
Details Website 2023-09-21 170 Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations | Mandiant
Details Website 2023-08-24 2 Revisiting BLISTER: New development of the BLISTER loader — Elastic Security Labs
Details Website 2023-08-07 18 Databases beware: Abusing Microsoft SQL Server with SQLRecon
Details Website 2023-07-27 117 Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
Details Website 2023-06-14 23 Understanding Ransomware Threat Actors: LockBit – Cyber Safe NV
Details Website 2023-05-17 25 AndoryuBot's DDOS Rampage
Details Website 2023-05-08 14 SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials — and Is Now Targeting Turkey
Details Website 2023-03-16 51 #StopRansomware: LockBit 3.0 | CISA
Details Website 2023-03-02 199 Russia/Ukraine Update - February 2023
Details Website 2023-02-09 32 NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool