Home/ MITRE Matrix/ Defense Evasion/ T1574.014

T1574.014AppDomainManager

T1574.014 — AppDomainManager is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 5 detection use cases covering it and 2 threat-intel articles citing it.

Defense EvasionExecution

View on the matrix → Filter Detection Library MITRE official spec ↗

5Use cases

2Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1574 · Hijack Execution Flow

Use cases covering this technique (5)

Windows Potential AppDomainManager Hijack Artifacts Creation ESCU actions · hunting P [LLM] MiniUpdate UpdateChecker.dll sideload via legitimate signed .NET host Bespoke install · alerting DSΣPDDCS [LLM] Screening Serpens AppDomainManager hijack via .NET app .config tampering Bespoke install · alerting DSPDDCS [LLM] NosyDoor AppDomainManager hijack: UevAppMonitor.exe executing from non-standard path Bespoke install · alerting DSΣP [LLM] NosyDoor dropper file artefacts in C:\Windows\Microsoft.NET\Framework Bespoke install · alerting DSP

Articles citing this technique (2)

crit Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns art-217

crit LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan art-642