_defense-evasion - RunkIntel

# Evasão de Defesa ```mermaid graph TB A["🛡️ Defesas do Alvo"] --> B["🌀 Ofuscacao T1027 - Packing / Encoding"] A --> C["🎭 Mascaramento T1036 - Masquerading"] A --> D["💉 Injecao de Processo T1055 - Process Injection"] A --> E["🗑️ Remocao de Evidencias T1070 - Indicator Removal"] A --> F["🔕 Desativar Ferramentas T1562 - Impair Defenses"] B --> G["✅ Execução Sem Detecção Objetivo Atingido"] C --> G D --> G E --> G F --> G ``` > [!info] Visão Geral > A tática de Evasão de Defesa (TA0005) e a mais ampla do MITRE ATT&CK, com 188 técnicas cobrindo todas as formas de evitar detecção por EDRs, SIEMs, antivirus e outras ferramentas de segurança. Os atacantes investem significativamente nessa tática porque a detecção precoce interrompe toda a cadeia de ataque. > **Técnicas:** 188 técnicas - a maior categoria do framework, refletindo a sofisticação e variedade das evasoes modernas. > **Destaque LATAM:** Malwares bancarios brasileiros como **Grandoreiro** e **Astaroth** sao altamente polimorficos e utilizam técnicas de evasão avancadas para contornar antivirus nacionais. > [!warning] Contexto Brasil/LATAM > O ecosistema de malware bancario brasileiro e mundialmente reconhecido pela sofisticação em evasão. Familias como **Grandoreiro**, **Astaroth** e **Javali** utilizam **HTML Smuggling (T1027.006)**, **Process Hollowing (T1055.012)** e **Living-off-the-Land (LOLBins)** para contornar soluções de segurança. Grupos como **Blind Eagle** também empregam **T1562 (Impair Defenses)** para desativar Windows Defender antes de instalar payloads. A ofuscacao via **T1027** e onipresente em campanhas direcionadas ao setor financeiro LATAM. > **188 técnicas** · Evitar detecção por ferramentas de segurança - ofuscação, desativação de logs, mascaramento. %% ```dataview TABLE WITHOUT ID link(file.link, title) AS "Nome" FROM "ttp/techniques/defense-evasion" WHERE type = "technique" SORT title ASC ``` %%   | Nota | Nome | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | | [[t1006-direct-volume-access\|T1006 - Direct Volume Access]] | T1006 - Direct Volume Access | | [[t1014-rootkit\|T1014 - Rootkit]] | T1014 - Rootkit | | [[t1027-obfuscated-files-or-information\|T1027 - Obfuscated Files or Information]] | T1027 - Obfuscated Files or Information | | [[t1027-obfuscated-files\|T1027 - Obfuscated Files or Information]] | T1027 - Obfuscated Files or Information | | [[t1027-001-binary-padding\|T1027.001 - Binary Padding]] | T1027.001 - Binary Padding | | [[t1027-002-software-packing\|T1027.002 - Software Packing]] | T1027.002 - Software Packing | | [[t1027-003-steganography\|T1027.003 - Steganography]] | T1027.003 - Steganography | | [[t1027-004-compile-after-delivery\|T1027.004 - Compile After Delivery]] | T1027.004 - Compile After Delivery | | [[t1027-005-indicator-removal-from-tools\|T1027.005 - Indicator Removal from Tools]] | T1027.005 - Indicator Removal from Tools | | [[t1027-006-html-smuggling\|T1027.006 - HTML Smuggling]] | T1027.006 - HTML Smuggling | | [[t1027-007-dynamic-api-resolution\|T1027.007 - Dynamic API Resolution]] | T1027.007 - Dynamic API Resolution | | [[t1027-008-stripped-payloads\|T1027.008 - Stripped Payloads]] | T1027.008 - Stripped Payloads | | [[t1027-009-embedded-payloads\|T1027.009 - Embedded Payloads]] | T1027.009 - Embedded Payloads | | [[t1027-010-command-obfuscation\|T1027.010 - Command Obfuscation]] | T1027.010 - Command Obfuscation | | [[t1027-011-fileless-storage\|T1027.011 - Fileless Storage]] | T1027.011 - Fileless Storage | | [[t1027-012-lnk-icon-smuggling\|T1027.012 - LNK Icon Smuggling]] | T1027.012 - LNK Icon Smuggling | | [[t1027-013-encryptedencoded-file\|T1027.013 - Encrypted/Encoded File]] | T1027.013 - Encrypted/Encoded File | | [[t1027-014-polymorphic-code\|T1027.014 - Polymorphic Code]] | T1027.014 - Polymorphic Code | | [[t1027-015-compression\|T1027.015 - Compression]] | T1027.015 - Compression | | [[t1027-016-junk-code-insertion\|T1027.016 - Junk Code Insertion]] | T1027.016 - Junk Code Insertion | | [[t1027-017-svg-smuggling\|T1027.017 - SVG Smuggling]] | T1027.017 - SVG Smuggling | | [[t1036-masquerading\|T1036 - Masquerading]] | T1036 - Masquerading | | [[t1036-001-invalid-code-signature\|T1036.001 - Invalid Code Signature]] | T1036.001 - Invalid Code Signature | | [[t1036-002-right-to-left-override\|T1036.002 - Right-to-Left Override]] | T1036.002 - Right-to-Left Override | | [[t1036-003-rename-legitimate-utilities\|T1036.003 - Rename Legitimaté Utilities]] | T1036.003 - Rename Legitimaté Utilities | | [[t1036-004-masquerade-task-or-service\|T1036.004 - Masquerade Task or Service]] | T1036.004 - Masquerade Task or Service | | [[t1036-005-match-legitimate-resource-name-or-location\|T1036.005 - Match Legitimaté Resource Name or Location]] | T1036.005 - Match Legitimaté Resource Name or Location | | [[t1036-006-space-after-filename\|T1036.006 - Space after Filename]] | T1036.006 - Space after Filename | | [[t1036-007-double-file-extension\|T1036.007 - Double File Extension]] | T1036.007 - Double File Extension | | [[t1036-008-masquerade-file-type\|T1036.008 - Masquerade File Type]] | T1036.008 - Masquerade File Type | | [[t1036-009-break-process-trees\|T1036.009 - Break Process Trees]] | T1036.009 - Break Process Trees | | [[t1036-010-masquerade-account-name\|T1036.010 - Masquerade Account Name]] | T1036.010 - Masquerade Account Name | | [[t1036-011-overwrite-process-arguments\|T1036.011 - Overwrite Process Arguments]] | T1036.011 - Overwrite Process Arguments | | [[t1036-012-browser-fingerprint\|T1036.012 - Browser Fingerprint]] | T1036.012 - Browser Fingerprint | | [[t1055-process-injection\|T1055 - Process Injection]] | T1055 - Process Injection | | [[t1055-001-dynamic-link-library-injection\|T1055.001 - Dynamic-link Library Injection]] | T1055.001 - Dynamic-link Library Injection | | [[t1055-002-portable-executable-injection\|T1055.002 - Portable Executable Injection]] | T1055.002 - Portable Executable Injection | | [[t1055-003-thread-execution-hijacking\|T1055.003 - Thread Execution Hijacking]] | T1055.003 - Thread Execution Hijacking | | [[t1055-004-asynchronous-procedure-call\|T1055.004 - Asynchronous Procedure Call]] | T1055.004 - Asynchronous Procedure Call | | [[t1055-005-thread-local-storage\|T1055.005 - Thread Local Storage]] | T1055.005 - Thread Local Storage | | [[t1055-008-ptrace-system-calls\|T1055.008 - Ptrace System Calls]] | T1055.008 - Ptrace System Calls | | [[t1055-009-proc-memory\|T1055.009 - Proc Memory]] | T1055.009 - Proc Memory | | [[t1055-011-extra-window-memory-injection\|T1055.011 - Extra Window Memory Injection]] | T1055.011 - Extra Window Memory Injection | | [[t1055-012-process-hollowing\|T1055.012 - Process Hollowing]] | T1055.012 - Process Hollowing | | [[t1055-013-process-doppelgnging\|T1055.013 - Process Doppelgänging]] | T1055.013 - Process Doppelgänging | | [[t1055-014-vdso-hijacking\|T1055.014 - VDSO Hijacking]] | T1055.014 - VDSO Hijacking | | [[t1055-015-listplanting\|T1055.015 - ListPlanting]] | T1055.015 - ListPlanting | | [[t1070-indicator-removal\|T1070 - Indicator Removal]] | T1070 - Indicator Removal | | [[t1070-001-clear-windows-event-logs\|T1070.001 - Clear Windows Event Logs]] | T1070.001 - Clear Windows Event Logs | | [[t1070-002-clear-linux-or-mac-system-logs\|T1070.002 - Clear Linux or Mac System Logs]] | T1070.002 - Clear Linux or Mac System Logs | | [[t1070-003-clear-command-history\|T1070.003 - Clear Command History]] | T1070.003 - Clear Command History | | [[t1070-004-file-deletion\|T1070.004 - File Deletion]] | T1070.004 - File Deletion | | [[t1070-005-network-share-connection-removal\|T1070.005 - Network Share Connection Removal]] | T1070.005 - Network Share Connection Removal | | [[t1070-006-timestomp\|T1070.006 - Timestomp]] | T1070.006 - Timestomp | | [[t1070-007-clear-network-connection-history-and-configurations\|T1070.007 - Clear Network Connection History and Configurations]] | T1070.007 - Clear Network Connection History and Configurations | | [[t1070-008-clear-mailbox-data\|T1070.008 - Clear Mailbox Data]] | T1070.008 - Clear Mailbox Data | | [[t1070-009-clear-persistence\|T1070.009 - Clear Persistence]] | T1070.009 - Clear Persistence | | [[t1070-010-relocate-malware\|T1070.010 - Relocaté Malware]] | T1070.010 - Relocaté Malware | | [[t1078-valid-accounts\|T1078 - Valid Accounts]] | T1078 - Valid Accounts | | [[t1078-001-default-accounts\|T1078.001 - Default Accounts]] | T1078.001 - Default Accounts | | [[t1078-002-domain-accounts\|T1078.002 - Domain Accounts]] | T1078.002 - Domain Accounts | | [[t1078-003-local-accounts\|T1078.003 - Local Accounts]] | T1078.003 - Local Accounts | | [[t1078-004-cloud-accounts\|T1078.004 - Cloud Accounts]] | T1078.004 - Cloud Accounts | | [[t1112-modify-registry\|T1112 - Modify Registry]] | T1112 - Modify Registry | | [[t1127-trusted-developer-utilities-proxy-execution\|T1127 - Trusted Developer Utilities Proxy Execution]] | T1127 - Trusted Developer Utilities Proxy Execution | | [[t1127-001-msbuild\|T1127.001 - MSBuild]] | T1127.001 - MSBuild | | [[t1127-002-clickonce\|T1127.002 - ClickOnce]] | T1127.002 - ClickOnce | | [[t1127-003-jamplus\|T1127.003 - JámPlus]] | T1127.003 - JámPlus | | [[t1134-access-token-manipulation\|T1134 - Access Token Manipulation]] | T1134 - Access Token Manipulation | | [[t1134-001-token-impersonationtheft\|T1134.001 - Token Impersonation/Theft]] | T1134.001 - Token Impersonation/Theft | | [[t1134-002-create-process-with-token\|T1134.002 - Creaté Process with Token]] | T1134.002 - Creaté Process with Token | | [[t1134-003-make-and-impersonate-token\|T1134.003 - Make and Impersonaté Token]] | T1134.003 - Make and Impersonaté Token | | [[t1134-004-parent-pid-spoofing\|T1134.004 - Parent PID Spoofing]] | T1134.004 - Parent PID Spoofing | | [[t1134-005-sid-history-injection\|T1134.005 - SID-History Injection]] | T1134.005 - SID-History Injection | | [[t1140-deobfuscate-decode\|T1140 - Deobfuscaté/Decode Files or Information]] | T1140 - Deobfuscaté/Decode Files or Information | | [[t1140-deobfuscatedecode-files-or-information\|T1140 - Deobfuscaté/Decode Files or Information]] | T1140 - Deobfuscaté/Decode Files or Information | | [[t1197-bits-jobs\|T1197 - BITS Jobs]] | T1197 - BITS Jobs | | [[t1202-indirect-command-execution\|T1202 - Indirect Command Execution]] | T1202 - Indirect Command Execution | | [[t1205-traffic-signaling\|T1205 - Traffic Signaling]] | T1205 - Traffic Signaling | | [[t1205-001-port-knocking\|T1205.001 - Port Knocking]] | T1205.001 - Port Knocking | | [[t1205-002-socket-filters\|T1205.002 - Socket Filters]] | T1205.002 - Socket Filters | | [[t1207-rogue-domain-controller\|T1207 - Rogue Domain Controller]] | T1207 - Rogue Domain Controller | | [[t1211-exploitation-for-defense-evasion\|T1211 - Exploitation for Defense Evasion]] | T1211 - Exploitation for Defense Evasion | | [[t1216-system-script-proxy-execution\|T1216 - System Script Proxy Execution]] | T1216 - System Script Proxy Execution | | [[t1216-001-pubprn\|T1216.001 - PubPrn]] | T1216.001 - PubPrn | | [[t1216-002-syncappvpublishingserver\|T1216.002 - SyncAppvPublishingServer]] | T1216.002 - SyncAppvPublishingServer | | [[t1218-system-binary-proxy-execution\|T1218 - System Binary Proxy Execution]] | T1218 - System Binary Proxy Execution | | [[t1218-001-compiled-html-file\|T1218.001 - Compiled HTML File]] | T1218.001 - Compiled HTML File | | [[t1218-002-control-panel\|T1218.002 - Control Panel]] | T1218.002 - Control Panel | | [[t1218-003-cmstp\|T1218.003 - CMSTP]] | T1218.003 - CMSTP | | [[t1218-004-installutil\|T1218.004 - InstallUtil]] | T1218.004 - InstallUtil | | [[t1218-005-mshta\|T1218.005 - Mshta]] | T1218.005 - Mshta | | [[t1218-007-msiexec\|T1218.007 - Msiexec]] | T1218.007 - Msiexec | | [[t1218-008-odbcconf\|T1218.008 - Odbcconf]] | T1218.008 - Odbcconf | | [[t1218-009-regsvcsregasm\|T1218.009 - Regsvcs/Regasm]] | T1218.009 - Regsvcs/Regasm | | [[t1218-010-regsvr32\|T1218.010 - Regsvr32]] | T1218.010 - Regsvr32 | | [[t1218-011-rundll32\|T1218.011 - Rundll32]] | T1218.011 - Rundll32 | | [[t1218-012-verclsid\|T1218.012 - Verclsid]] | T1218.012 - Verclsid | | [[t1218-013-mavinject\|T1218.013 - Mavinject]] | T1218.013 - Mavinject | | [[t1218-014-mmc\|T1218.014 - MMC]] | T1218.014 - MMC | | [[t1218-015-electron-applications\|T1218.015 - Electron Applications]] | T1218.015 - Electron Applications | | [[t1220-xsl-script-processing\|T1220 - XSL Script Processing]] | T1220 - XSL Script Processing | | [[t1221-template-injection\|T1221 - Templaté Injection]] | T1221 - Templaté Injection | | [[t1222-file-and-directory-permissions-modification\|T1222 - File and Directory Permissions Modification]] | T1222 - File and Directory Permissions Modification | | [[t1222-001-windows-file-and-directory-permissions-modification\|T1222.001 - Windows File and Directory Permissions Modification]] | T1222.001 - Windows File and Directory Permissions Modification | | [[t1222-002-linux-and-mac-file-and-directory-permissions-modification\|T1222.002 - Linux and Mac File and Directory Permissions Modification]] | T1222.002 - Linux and Mac File and Directory Permissions Modification | | [[t1406-obfuscated-files-or-information\|T1406 - Obfuscated Files or Information]] | T1406 - Obfuscated Files or Information | | [[t1407-download-new-code-at-runtime\|T1407 - Download New Code at Runtime]] | T1407 - Download New Code at Runtime | | [[t1480-execution-guardrails\|T1480 - Execution Guardrails]] | T1480 - Execution Guardrails | | [[t1480-001-environmental-keying\|T1480.001 - Environmental Keying]] | T1480.001 - Environmental Keying | | [[t1480-002-mutual-exclusion\|T1480.002 - Mutual Exclusion]] | T1480.002 - Mutual Exclusion | | [[t1484-domain-or-tenant-policy-modification\|T1484 - Domain or Tenant Policy Modification]] | T1484 - Domain or Tenant Policy Modification | | [[t1484-001-group-policy-modification\|T1484.001 - Group Policy Modification]] | T1484.001 - Group Policy Modification | | [[t1484-002-trust-modification\|T1484.002 - Trust Modification]] | T1484.002 - Trust Modification | | [[t1497-virtualization-evasion\|T1497 - Virtualization/Sandbox Evasion]] | T1497 - Virtualization/Sandbox Evasion | | [[t1497-virtualizationsandbox-evasion\|T1497 - Virtualization/Sandbox Evasion]] | T1497 - Virtualization/Sandbox Evasion | | [[t1497-001-system-checks\|T1497.001 - System Checks]] | T1497.001 - System Checks | | [[t1497-002-user-activity-based-checks\|T1497.002 - User Activity Based Checks]] | T1497.002 - User Activity Based Checks | | [[t1497-003-time-based-checks\|T1497.003 - Time Based Checks]] | T1497.003 - Time Based Checks | | [[t1508-suppress-application-icon\|T1508 - Suppress Application Icon]] | T1508 - Suppress Application Icon | | [[t1535-unusedunsupported-cloud-regions\|T1535 - Unused/Unsupported Cloud Regions]] | T1535 - Unused/Unsupported Cloud Regions | | [[t1542-pre-os-boot\|T1542 - Pre-OS Boot]] | T1542 - Pre-OS Boot | | [[t1542-004-rommonkit\|T1542.004 - ROMMONkit]] | T1542.004 - ROMMONkit | | [[t1542-005-tftp-boot\|T1542.005 - TFTP Boot]] | T1542.005 - TFTP Boot | | [[t1548-006-tcc-manipulation\|T1548.006 - TCC Manipulation]] | T1548.006 - TCC Manipulation | | [[t1550-use-alternate-authentication-material\|T1550 - Use Alternaté Authentication Material]] | T1550 - Use Alternaté Authentication Material | | [[t1550-001-application-access-token\|T1550.001 - Application Access Token]] | T1550.001 - Application Access Token | | [[t1550-001-app-access-token\|T1550.001 - Use Alternaté Authentication Material: Application Access Token]] | T1550.001 - Use Alternaté Authentication Material: Application Access Token | | [[t1550-002-pass-the-hash\|T1550.002 - Pass the Hash]] | T1550.002 - Pass the Hash | | [[t1550-003-pass-the-ticket\|T1550.003 - Pass the Ticket]] | T1550.003 - Pass the Ticket | | [[t1550-004-web-session-cookie\|T1550.004 - Web Session Cookie]] | T1550.004 - Web Session Cookie | | [[t1553-subvert-trust-controls\|T1553 - Subvert Trust Controls]] | T1553 - Subvert Trust Controls | | [[t1553-001-gatekeeper-bypass\|T1553.001 - Gatekeeper Bypass]] | T1553.001 - Gatekeeper Bypass | | [[t1553-002-code-signing\|T1553.002 - Code Signing]] | T1553.002 - Code Signing | | [[t1553-003-sip-and-trust-provider-hijacking\|T1553.003 - SIP and Trust Provider Hijacking]] | T1553.003 - SIP and Trust Provider Hijacking | | [[t1553-004-install-root-certificate\|T1553.004 - Install Root Certificaté]] | T1553.004 - Install Root Certificaté | | [[t1553-005-mark-of-the-web-bypass\|T1553.005 - Mark-of-the-Web Bypass]] | T1553.005 - Mark-of-the-Web Bypass | | [[t1553-006-code-signing-policy-modification\|T1553.006 - Code Signing Policy Modification]] | T1553.006 - Code Signing Policy Modification | | [[t1562-impair-defenses\|T1562 - Impair Defenses]] | T1562 - Impair Defenses | | [[t1562-001-disable-or-modify-tools\|T1562.001 - Disable or Modify Tools]] | T1562.001 - Disable or Modify Tools | | [[t1562-001-disable-tools\|T1562.001 - Disable or Modify Tools]] | T1562.001 - Disable or Modify Tools | | [[t1562-001-impair-defenses-disable-or-modify-tools\|T1562.001 - Impair Defenses: Disable or Modify Tools]] | T1562.001 - Impair Defenses: Disable or Modify Tools | | [[t1562-002-disable-windows-event-logging\|T1562.002 - Disable Windows Event Logging]] | T1562.002 - Disable Windows Event Logging | | [[t1562-003-impair-command-history-logging\|T1562.003 - Impair Command History Logging]] | T1562.003 - Impair Command History Logging | | [[t1562-004-disable-or-modify-system-firewall\|T1562.004 - Disable or Modify System Firewall]] | T1562.004 - Disable or Modify System Firewall | | [[t1562-006-indicator-blocking\|T1562.006 - Indicator Blocking]] | T1562.006 - Indicator Blocking | | [[t1562-007-disable-or-modify-cloud-firewall\|T1562.007 - Disable or Modify Cloud Firewall]] | T1562.007 - Disable or Modify Cloud Firewall | | [[t1562-008-disable-or-modify-cloud-logs\|T1562.008 - Disable or Modify Cloud Logs]] | T1562.008 - Disable or Modify Cloud Logs | | [[t1562-009-safe-mode-boot\|T1562.009 - Safe Mode Boot]] | T1562.009 - Safe Mode Boot | | [[t1562-010-downgrade-attack\|T1562.010 - Downgrade Attack]] | T1562.010 - Downgrade Attack | | [[t1562-011-spoof-security-alerting\|T1562.011 - Spoof Security Alerting]] | T1562.011 - Spoof Security Alerting | | [[t1562-012-disable-or-modify-linux-audit-system\|T1562.012 - Disable or Modify Linux Audit System]] | T1562.012 - Disable or Modify Linux Audit System | | [[t1562-013-disable-or-modify-network-device-firewall\|T1562.013 - Disable or Modify Network Device Firewall]] | T1562.013 - Disable or Modify Network Device Firewall | | [[t1564-hide-artifacts\|T1564 - Hide Artifacts]] | T1564 - Hide Artifacts | | [[t1564-001-hidden-files-and-directories\|T1564.001 - Hidden Files and Directories]] | T1564.001 - Hidden Files and Directories | | [[t1564-002-hidden-users\|T1564.002 - Hidden Users]] | T1564.002 - Hidden Users | | [[t1564-003-hidden-window\|T1564.003 - Hidden Window]] | T1564.003 - Hidden Window | | [[t1564-004-ntfs-file-attributes\|T1564.004 - NTFS File Attributes]] | T1564.004 - NTFS File Attributes | | [[t1564-005-hidden-file-system\|T1564.005 - Hidden File System]] | T1564.005 - Hidden File System | | [[t1564-006-run-virtual-instance\|T1564.006 - Run Virtual Instance]] | T1564.006 - Run Virtual Instance | | [[t1564-007-vba-stomping\|T1564.007 - VBA Stomping]] | T1564.007 - VBA Stomping | | [[t1564-008-email-hiding-rules\|T1564.008 - Email Hiding Rules]] | T1564.008 - Email Hiding Rules | | [[t1564-009-resource-forking\|T1564.009 - Resource Forking]] | T1564.009 - Resource Forking | | [[t1564-010-process-argument-spoofing\|T1564.010 - Process Argument Spoofing]] | T1564.010 - Process Argument Spoofing | | [[t1564-011-ignore-process-interrupts\|T1564.011 - Ignore Process Interrupts]] | T1564.011 - Ignore Process Interrupts | | [[t1564-012-filepath-exclusions\|T1564.012 - File/Path Exclusions]] | T1564.012 - File/Path Exclusions | | [[t1564-013-bind-mounts\|T1564.013 - Bind Mounts]] | T1564.013 - Bind Mounts | | [[t1564-014-extended-attributes\|T1564.014 - Extended Attributes]] | T1564.014 - Extended Attributes | | [[t1574-002-dll-side-loading\|T1574.002 - Hijack Execution Flow: DLL Side-Loading]] | T1574.002 - Hijack Execution Flow: DLL Side-Loading | | [[t1578-modify-cloud-compute-infrastructure\|T1578 - Modify Cloud Compute Infrastructure]] | T1578 - Modify Cloud Compute Infrastructure | | [[t1578-001-create-snapshot\|T1578.001 - Creaté Snapshot]] | T1578.001 - Creaté Snapshot | | [[t1578-002-create-cloud-instance\|T1578.002 - Creaté Cloud Instance]] | T1578.002 - Creaté Cloud Instance | | [[t1578-003-delete-cloud-instance\|T1578.003 - Delete Cloud Instance]] | T1578.003 - Delete Cloud Instance | | [[t1578-004-revert-cloud-instance\|T1578.004 - Revert Cloud Instance]] | T1578.004 - Revert Cloud Instance | | [[t1578-005-modify-cloud-compute-configurations\|T1578.005 - Modify Cloud Compute Configurations]] | T1578.005 - Modify Cloud Compute Configurations | | [[t1599-network-boundary-bridging\|T1599 - Network Boundary Bridging]] | T1599 - Network Boundary Bridging | | [[t1599-001-network-address-translation-traversal\|T1599.001 - Network Address Translation Traversal]] | T1599.001 - Network Address Translation Traversal | | [[t1600-weaken-encryption\|T1600 - Weaken Encryption]] | T1600 - Weaken Encryption | | [[t1600-001-reduce-key-space\|T1600.001 - Reduce Key Space]] | T1600.001 - Reduce Key Space | | [[t1600-002-disable-crypto-hardware\|T1600.002 - Disable Crypto Hardware]] | T1600.002 - Disable Crypto Hardware | | [[t1601-modify-system-image\|T1601 - Modify System Image]] | T1601 - Modify System Image | | [[t1601-001-patch-system-image\|T1601.001 - Patch System Image]] | T1601.001 - Patch System Image | | [[t1601-002-downgrade-system-image\|T1601.002 - Downgrade System Image]] | T1601.002 - Downgrade System Image | | [[t1610-deploy-container\|T1610 - Deploy Container]] | T1610 - Deploy Container | | [[t1612-build-image-on-host\|T1612 - Build Image on Host]] | T1612 - Build Image on Host | | [[t1620-reflective-code-loading\|T1620 - Reflective Code Loading]] | T1620 - Reflective Code Loading | | [[t1622-debugger-evasion\|T1622 - Debugger Evasion]] | T1622 - Debugger Evasion | | [[t1647-plist-file-modification\|T1647 - Plist File Modification]] | T1647 - Plist File Modification | | [[t1655-hide-artifacts-android\|T1655 - Hide Artifacts (Android)]] | T1655 - Hide Artifacts (Android) | | [[t1656-impersonation\|T1656 - Impersonation]] | T1656 - Impersonation | | [[t1666-modify-cloud-resource-hierarchy\|T1666 - Modify Cloud Resource Hierarchy]] | T1666 - Modify Cloud Resource Hierarchy | | [[t1672-email-spoofing\|T1672 - Email Spoofing]] | T1672 - Email Spoofing | | [[t1678-delay-execution\|T1678 - Delay Execution]] | T1678 - Delay Execution | | [[t1679-selective-exclusion\|T1679 - Selective Exclusion]] | T1679 - Selective Exclusion |  --- **Navegação:** [[_techniques|Técnicas]] · [[_tactics|Táticas]] · [[_procedures|Procedimentos]]