
ATT&CK Technique · Execution

Native API T1106

3 REVELARE Korean-language threat analyses covering this technique · Execution

Analyses covering this technique

Official MITRE definition

Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.(Citation: NT API Windows)(Citation: Linux Kernel API) These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests durin

Platforms: Linux, macOS, Windows