Group Name
Training Data - Process Hollowing SQL (Hive)
Scenario
In this training scenario, we will execute a ransomware payload via process hollowing, an injection and evasion technique in which a process is started and its executable code is then replaced in memory so that it carries out some other behavior.
...
Relevant documentation
Mitre T1559 - Inter-Process communication can provide control over the target process from the injector once the injection is complete.
Mitre T1106 - Native APIs are often the closest access to operating system functionality for accessing files, running processes, and more.
Mitre T1569 - Injecting into a system service such as an existing svchost can disguise malicious code to be reported as running from a well known and trusted process.
Mitre T1055 - Process injection, usually used to run malicious code in a target process while allowing the original process to continue.
Mitre T1543 - Creating or modifying a system process can disguise malicious code as a normal, trusted system process from malware detection.
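To show what the injection sequence described in this scenario looks like from the defender's side, here is an added detection example (not part of the training page) that scans constructed API-call telemetry for the hollowing chain: a process started suspended, its image unmapped, new code written in, the thread context redirected, and the thread resumed. The event tuple layout, the pid values and the image names are assumptions for the example; real EDR/ETW fields will differ.

```python
# Constructed sample telemetry: (caller_pid, api, target_pid, extra).
# Field names are assumptions; map them from your EDR/ETW source.
SAMPLE_EVENTS = [
    (4242, "CreateProcess", 5100, {"flags": "CREATE_SUSPENDED", "image": "svchost.exe"}),
    (4242, "NtUnmapViewOfSection", 5100, {}),
    (4242, "VirtualAllocEx", 5100, {"protect": "PAGE_EXECUTE_READWRITE"}),
    (4242, "WriteProcessMemory", 5100, {}),
    (4242, "SetThreadContext", 5100, {}),
    (4242, "ResumeThread", 5100, {}),
    # Benign-looking: suspended start and resume without the write/context chain.
    (700, "CreateProcess", 5200, {"flags": "CREATE_SUSPENDED", "image": "child.exe"}),
    (700, "ResumeThread", 5200, {}),
]

# Core chain that must appear in this order for one (caller, target) pair.
CORE_CHAIN = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
# Supporting indicators that raise confidence but are not required.
BONUS = {"NtUnmapViewOfSection": 2, "VirtualAllocEx": 1}


def find_hollowing(events):
    """Return one finding per (caller, target) pair that completes CORE_CHAIN
    starting from a CREATE_SUSPENDED process creation."""
    progress = {}        # (caller, target) -> index of next expected CORE_CHAIN api
    score = {}
    image = {}
    findings = []
    for caller, api, target, extra in events:
        key = (caller, target)
        if api == "CreateProcess":
            if "CREATE_SUSPENDED" not in extra.get("flags", ""):
                continue     # not started suspended: not this technique
            progress[key], score[key], image[key] = 1, 1, extra.get("image", "?")
            continue
        if key not in progress:
            continue         # no suspended creation seen for this pair
        if api in BONUS:
            score[key] += BONUS[api]
            if extra.get("protect") == "PAGE_EXECUTE_READWRITE":
                score[key] += 1
        elif api == CORE_CHAIN[progress[key]]:
            progress[key] += 1
            score[key] += 1
            if progress[key] == len(CORE_CHAIN):
                findings.append({"caller": caller, "target": target,
                                 "image": image[key], "score": score[key]})
                del progress[key]
    return findings
```

Running `find_hollowing(SAMPLE_EVENTS)` flags only the 4242 -> 5100 pair; the second pair starts suspended but never writes memory or redirects a thread, so it is not reported.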
...