Clankerusecase
MITRE ATT&CK detection coverage

T1497 Virtualization/Sandbox Evasion

T1497 — Virtualization/Sandbox Evasion is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 8 detection use cases covering it and 2 threat-intel articles citing it.

Tactics: Defense Evasion, Discovery
8 use cases
2 articles
3 sub-techniques
2 tactics

Sub-techniques (3)

Use cases covering this technique (8)

Headless Browser Usage: ESCU actions · hunting
Windows Chromium Browser Launched with Small Window Size: ESCU actions · alerting
Windows Chromium Browser No Security Sandbox Process: ESCU actions · alerting
Windows Chromium Browser with Custom User Data Directory: ESCU actions · hunting
Windows Chromium process Launched with Disable Popup Blocking: ESCU actions · hunting
Windows Chromium Process Launched with Logging Disabled: ESCU actions · hunting
Windows Chromium Process with Disabled Extensions: ESCU actions · hunting
[LLM] Scavenger Stealer sandbox-evasion marker file %TEMP%\SCVNGR_VM created: Bespoke install · alerting

Articles citing this technique (2)