Antivirus/Antimalware

Use signatures or heuristics to detect malicious software.

ID: M1049
Version: 1.0

Techniques Addressed by Mitigation

| Domain | ID | Name | Description |
|---|---|---|---|
| Enterprise | T1215 | Kernel Modules and Extensions | Common tools for detecting Linux rootkits include rkhunter and chkrootkit, although rootkits may be designed to evade certain detection tools. [1] [2] |
| Enterprise | T1027 | Obfuscated Files or Information | Consider using the Antimalware Scan Interface (AMSI) on Windows 10 to analyze commands after they have been processed/interpreted. |
| Enterprise | T1045 | Software Packing | Employ heuristic-based malware detection. Ensure virus definitions are kept up to date and create custom signatures for observed malware. |
| Enterprise | T1193 | Spearphishing Attachment | Anti-virus can also automatically quarantine suspicious files. |
| Enterprise | T1194 | Spearphishing via Service | Anti-virus can also automatically quarantine suspicious files. |
| Enterprise | T1221 | Template Injection | Network/host intrusion prevention systems, antivirus, and detonation chambers can be employed to prevent documents from fetching and/or executing malicious payloads. [3] |
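The mitigation summary above distinguishes signature-based from heuristic detection, and the T1045 (Software Packing) row asks for both heuristics and custom signatures for observed malware. The following Python sketch is an added example, not code from the ATT&CK page or any vendor product: it scans a byte buffer against a small constructed signature set (family names and byte markers are invented for illustration) and applies one common packing heuristic, Shannon entropy of the file contents, since packed or encrypted payloads tend toward 8 bits per byte. The 7.2-bit threshold is an assumption chosen for the constructed samples, not a value from the page.

```python
import math
import random
from dataclasses import dataclass, field

# Constructed signature database: byte patterns "observed" in known samples.
# Both family names and markers are invented for this example.
SIGNATURES = {
    "Example.Dropper.A": b"MZ\x90\x00CONSTRUCTED_MARKER_A",
    "Example.Script.B": b"CONSTRUCTED_MARKER_B",
}

# Assumed heuristic threshold (bits per byte). Plain text sits near 4-5,
# compiled code near 6-6.5, packed/encrypted data close to 8.
HIGH_ENTROPY_THRESHOLD = 7.2


@dataclass
class ScanResult:
    signature_hits: list = field(default_factory=list)
    entropy: float = 0.0
    packed_suspected: bool = False


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes) -> list:
    """Signature detection: return the names of every known pattern found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan(data: bytes) -> ScanResult:
    """Combine exact-match signatures with the entropy heuristic.

    A signature hit identifies a known family; a high-entropy buffer with no
    hit is what a packed variant of unknown malware looks like to a scanner,
    which is why the T1045 mitigation asks for heuristics in addition to
    up-to-date definitions.
    """
    hits = signature_scan(data)
    ent = shannon_entropy(data)
    return ScanResult(hits, ent, ent >= HIGH_ENTROPY_THRESHOLD)


def constructed_samples() -> dict:
    """Three constructed inputs: benign text, a known sample, and a 'packed' blob."""
    benign = b"This is a plain text document. " * 40
    known = SIGNATURES["Example.Dropper.A"] + b"\x00" * 200
    # Deterministic pseudo-random bytes stand in for a packed/encrypted payload.
    rng = random.Random(1234)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    return {"benign": benign, "known": known, "packed": packed}


if __name__ == "__main__":
    for label, data in constructed_samples().items():
        r = scan(data)
        print(f"{label:7s} entropy={r.entropy:.2f} hits={r.signature_hits} "
              f"packed_suspected={r.packed_suspected}")
```

The two checks fail in opposite ways, which is the point of pairing them: the signature catches the known dropper but says nothing about the random-looking blob, while the entropy heuristic flags the blob but also fires on legitimately compressed or encrypted files, so in practice its output is a triage signal for a sandbox or analyst rather than a verdict on its own.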

References