Execution
T1203 office_exploit_http: The document exhibits suspicious behavior (performs HTTP requests)
T1059.001 powershell_through_runspace: Executes a PowerShell script through an in-process runspace, without spawning a powershell.exe process
Defense Evasion
T1027.002 unnamed_memory_regions_contains_pe: One or more unnamed memory regions contain PE files
T1027.002 unnamed_memory_regions: Code was executed from unnamed memory regions
T1027.002 packer_upx: The executable file is compressed with UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data (high-entropy sections)
T1036 system_filename: Created a file with the name of a common system file
T1027.002 pe_features: Executable file has PE anomalies (may be false positive)
T1027.002 packer_aspack: Executable file is packed with ASPack
Command and Control
T1071.001 office_exploit_http: The document exhibits suspicious behavior (performs HTTP requests)
T1071.004 office_exploit_dns: The document exhibits suspicious behavior (performs DNS requests)
T1071.001 network_http: Performs HTTP requests
Other
yara_rules: Static YARA rules matched
suricata_alert: Malicious traffic detected
ce_info: Remcos and ValleyRAT configuration data found
static_pe_anomaly: The PE file structure contains anomalies
static_rat_config: Contains an unpacked trojan configuration
dotnet_obfuscated: Dotnet program is potentially obfuscated
static_pe_duplicate_sections: The PE file structure contains anomalies: duplicate section names
dotnet_suspicious_resources_names: Dotnet program has suspicious resource names
require_administrator: Requests administrator privileges
has_pdb: Executable file contains a PDB path
dotnet_suspicious_module_name: Dotnet program has suspicious module name
dotnet_antimetadata_analysis: Dotnet program uses anti-analysis tricks
dotnet_import_unmanaged_code: Dotnet program statically imports unmanaged functions/modules
origin_langid: Executable file declares an unconventional language identifier
pe_overlay: PE file contains an overlay (data appended past the last section)
dotnet_unmanaged_entrypoint: Dotnet program has unmanaged entrypoint
many_files_in_archive: The archive contains more than 5 files
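The static PE signatures in this report (packer_upx, packer_entropy, static_pe_duplicate_sections and pe_overlay) all fall out of one walk over the section table. The Python below is an added example, not the sandbox's own code: it parses the section table by hand, computes per-section Shannon entropy, and runs the four checks over a constructed, non-loadable PE32 image. The 7.0 bits-per-byte entropy cut-off, the UPX section-name heuristic, and the sample image are assumptions made here; the sandbox's actual thresholds are not given on the page.

```python
# Added illustration (not the sandbox's code): static checks behind packer_upx,
# packer_entropy, static_pe_duplicate_sections and pe_overlay, over a
# constructed sample. ENTROPY_THRESHOLD is an assumed value.
import math
import struct

FILE_ALIGN = 0x200          # typical PE FileAlignment
ENTROPY_THRESHOLD = 7.0     # assumed cut-off for "compressed or encrypted"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Returns (name, PointerToRawData, SizeOfRawData) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # IMAGE_FILE_HEADER.NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]      # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i                                   # sizeof(IMAGE_SECTION_HEADER) == 40
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def triage(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Emit the four static findings for one PE image."""
    sections = parse_sections(pe)
    names = [name for name, _, _ in sections]
    high_entropy = [name for name, ptr, size in sections
                    if size and shannon_entropy(pe[ptr:ptr + size]) >= threshold]
    seen, duplicates = set(), []
    for name in names:
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
    end_of_sections = max((ptr + size for _, ptr, size in sections), default=0)
    return {
        "packer_upx": any(name.startswith("UPX") for name in names),  # UPX0/UPX1/UPX2 names
        "packer_entropy": high_entropy,
        "static_pe_duplicate_sections": duplicates,
        "pe_overlay": max(len(pe) - end_of_sections, 0),              # bytes past the last section
    }


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_pe(section_data, overlay: bytes = b"") -> bytes:
    """Construct a minimal PE32 image (DOS stub, COFF + optional header, section table, raw data).
    Not loadable; it exists only to exercise the parser above."""
    num, size_opt = len(section_data), 0xE0                    # 0xE0 = PE32 optional header size
    headers_len = _align(0x40 + 4 + 20 + size_opt + 40 * num, FILE_ALIGN)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x102)  # i386, executable image
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    table, body, ptr = bytearray(), bytearray(), headers_len
    for name, data in section_data:
        raw = _align(len(data), FILE_ALIGN)
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1").ljust(8, b"\0"),
                             len(data), ptr, raw, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw, b"\0")
        ptr += raw
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(headers_len, b"\0")
    return image + bytes(body) + overlay


# Constructed sample: low-entropy code, a UPX-style section pair whose packed
# section is uniformly distributed, a duplicated .rsrc name, and appended bytes.
SAMPLE_SECTIONS = [
    (".text", b"\x55\x8b\xec" * 100),          # push ebp / mov ebp, esp repeated: low entropy
    ("UPX0", b""),                             # UPX leaves the unpack target with no raw data
    ("UPX1", bytes(range(256)) * 16),          # every byte value equally often: entropy 8.0
    (".rsrc", b"\0" * 16),
    (".rsrc", b"RSRC duplicate"),
]
SAMPLE_OVERLAY = b"APPENDED-CONFIG-BLOB"

if __name__ == "__main__":
    for key, value in triage(build_pe(SAMPLE_SECTIONS, SAMPLE_OVERLAY)).items():
        print(f"{key}: {value}")
```

The section-name test is the weakest of the four: a packer that renames UPX0/UPX1 defeats it, which is why the entropy and overlay checks are evaluated independently rather than gated on it. The overlay size is what a static_rat_config style extractor would go on to carve, since appended configuration blobs sit past the last section's raw data.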