Execution
T1059.007 pdf_js: PDF contains JavaScript
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Other
yara_rules: Static rules
pdf_page: Contains only one page
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object