EXPLORE
Sign In
← Back to Explore
T1027.002

Software Packing

Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual...

LinuxmacOSWindows
1
Detections
1
Sources
23
Threat Actors

BY SOURCE

1sigma

PROCEDURES (1)

Module Load Monitoring1 detections

Auto-extracted: 1 detections for module load monitoring

THREAT ACTORS (23)

Aoqin DragonAPT29APT3APT38APT39APT41Dark CaracalElderwoodGALLIUMKimsukyMedusa GroupMoustachedBouncerPatchworkRockeSaint BearStorm-0501TA2541TA505TeamTNTThe White CompanyThreat Group-3390Volt TyphoonZIRCONIUM

DETECTIONS (1)

Python Image Load By Non-Python Process
sigmalow