Detecting MITRE ATT&CK: Defense evasion techniques with Falco
Tags
attack-pattern: Models Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Impair Defenses - T1562 Impair Defenses - T1629 Setuid And Setgid - T1548.001 Tool - T1588.002 Vulnerabilities - T1588.006 Disabling Security Tools - T1089 Setuid And Setgid - T1166
Show in Graph
Common Information
Type Value
UUID c70fea16-fe2a-452a-be98-b002098f7b97
Fingerprint be34c1948a255f45
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 2, 2021, midnight
Added to db Jan. 18, 2023, 10:29 p.m.
Last updated Nov. 15, 2024, 5:39 p.m.
Headline Detecting MITRE ATT&CK: Defense evasion techniques with Falco
Title Detecting MITRE ATT&CK: Defense evasion techniques with Falco
Detected Hints/Tags/Attributes 49/1/9
Source URLs
Redirection Url
Details Source https://sysdig.com/blog/mitre-defense-evasion-falco/
URL Provider
Details Provider Source level domain
Details sysdig.com sysdig.com
Attributes
Details Type #Events CTI Value
Details Domain 11 
update.aegis.aliyun.com
Details Domain 18 
uninstall.sh
Details Domain 37 
proc.name
Details Domain 75 
user.name
Details Domain 21 
container.id
Details Domain 24 
container.name
Details File 12 
%user.log
Details Url 8 
http://update.aegis.aliyun.com/download/uninstall.sh
Details Url 7 
http://update.aegis.aliyun.com/download/quartz_uninstall.sh