Tactics, Techniques, and Procedures (TTPs) allow analysts to understand how the analyzed file operates and the risk it may pose.
The TTPs feature expands the static analysis context provided by the Capabilities feature by focusing on the actual actions performed during dynamic execution.
How Does it Work?
Intezer Analyze identifies key characteristics and activities performed by the analyzed file during its dynamic execution and maps them to the MITRE ATT&CK framework.
The Indicators table below displays each notable activity that was identified, the level of danger it poses, and additional technical details related to the activity.
In the example below we can see that the malware performed a large number of high-severity actions, such as multiple code injection attempts and installing itself in an autorun location in order to gain persistence.
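To make the mapping described above concrete, here is an added example (not Intezer's code and not its data model) that takes a constructed list of sandbox behaviour events, maps each to a MITRE ATT&CK technique with a severity, and renders an indicators table plus a summary. The ATT&CK technique IDs and names are real entries; the event type names, severity assignments and sample events are assumptions made for this illustration.

```python
"""Map constructed dynamic-analysis events to MITRE ATT&CK techniques and build
an indicators table. Example code, not Intezer Analyze's implementation."""
from dataclasses import dataclass
from collections import Counter

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Rule table: assumed event type -> (ATT&CK technique ID, technique name, severity).
# Technique IDs/names are real ATT&CK entries; event types and severities are
# assumptions for this example, not a vendor schema.
RULES = {
    "process_injection": ("T1055", "Process Injection", "high"),
    "registry_run_key": ("T1547.001", "Registry Run Keys / Startup Folder", "high"),
    "sandbox_check": ("T1497", "Virtualization/Sandbox Evasion", "medium"),
    "system_info_query": ("T1082", "System Information Discovery", "low"),
}


@dataclass(frozen=True)
class Indicator:
    technique_id: str
    technique: str
    severity: str
    details: str


def map_events(events):
    """Map raw behaviour events to ATT&CK indicators.

    Unknown event types are returned separately rather than dropped, so an
    analyst can see what the rule table did not classify."""
    indicators, unmapped = [], []
    for ev in events:
        rule = RULES.get(ev.get("type"))
        if rule is None:
            unmapped.append(ev)
            continue
        tid, name, sev = rule
        indicators.append(Indicator(tid, name, sev, ev.get("details", "")))
    return indicators, unmapped


def summarize(indicators):
    """Count indicators per severity and per technique; the overall verdict is
    the highest severity observed ('worst wins'), or 'none' if nothing mapped."""
    by_severity = Counter(i.severity for i in indicators)
    by_technique = Counter(i.technique_id for i in indicators)
    overall = max((i.severity for i in indicators),
                  key=SEVERITY_RANK.__getitem__, default="none")
    return {"by_severity": dict(by_severity),
            "by_technique": dict(by_technique),
            "overall": overall}


def render_table(indicators):
    """Plain-text indicators table, highest severity first (stable order within a tier)."""
    rows = sorted(indicators, key=lambda i: -SEVERITY_RANK[i.severity])
    lines = [f"{'Severity':<8} {'Technique':<10} {'Name':<38} Details"]
    for i in rows:
        lines.append(f"{i.severity:<8} {i.technique_id:<10} {i.technique:<38} {i.details}")
    return "\n".join(lines)


# Constructed sample sandbox events; they do not describe any real sample.
SAMPLE_EVENTS = [
    {"type": "system_info_query", "details": "queried OS version and hostname"},
    {"type": "sandbox_check", "details": "checked for VM-related registry keys"},
    {"type": "process_injection", "details": "wrote code into explorer.exe (pid 1234)"},
    {"type": "process_injection", "details": "wrote code into svchost.exe (pid 2345)"},
    {"type": "registry_run_key",
     "details": "added value 'updater' under HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"type": "mutex_create", "details": "created mutex 'Global\\example'"},  # no rule -> unmapped
]

if __name__ == "__main__":
    inds, unmapped = map_events(SAMPLE_EVENTS)
    print(render_table(inds))
    print(summarize(inds))
    print("unmapped:", [e["type"] for e in unmapped])
```

Running it prints a table led by the three high-severity rows (two injection attempts and the Run-key persistence), a summary whose overall verdict is "high", and the one event the rule table could not classify; the unmapped list is the part worth watching in practice, since a sample whose behaviour falls mostly outside the rules is not necessarily benign.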