albertzsigovits · November 3, 2022 15:40
diff --git a/malware_template.txt b/malware_template.txt
    Recon
    Delivery
    Execution
        Exec arguments, parameters
        Command line execution
    Privilege Escalation
        Token impersonation
        Admin escalation
        Exploits
    Lateral movement
        Share enumeration
    Encryption process
    Malware configuration
        Config decoding, extraction
    Network activity/C2
        PCAP captures
        C2 traffic pattern
        HTTP(S) requests, response
    Exploits used and included
    Persistence mechanisms
        Mutex
        Services
        Registry
        Scheduled Task
        Driver
    Evasion
        Injections techniques 
        UAC bypasses 
        Hooking
        AntiAV
        AntiVM
        AntiDebug
        AntiSandbox
        AntiAnalysis
        AntiDebugging
    Exfiltration steps
    Cleanup
        Log deletion
        Deleting clues
	Recon
	Delivery
	Execution
	Exec arguments, parameters
	Command line execution
	Privilege Escalation
	Token impersonation
	Admin escalation
	Exploits
	Lateral movement
	Share enumeration
	Encryption process
	Malware configuration
	Config decoding, extraction
	Network activity/C2
	PCAP captures
	C2 traffic pattern
	HTTP(S) requests, response
	Exploits used and included
	Persistence mechanisms
	Mutex
	Services
	Registry
	Scheduled Task
	Driver
	Evasion
	Injections techniques
	UAC bypasses
	Hooking
	AntiAV
	AntiVM
	AntiDebug
	AntiSandbox
	AntiAnalysis
	AntiDebugging
	Exfiltration steps
	Cleanup
	Log deletion
	Deleting clues