Suspend Thread
May 1, 2024
| ID | C0055 |
|---|---|
| Objective(s) | Process |
| Related ATT&CK Techniques | None |
| Version | 2.0 |
| Created | 4 December 2020 |
| Last Modified | 13 September 2023 |
Suspend Thread
This behavior is related to Unprotect technique U0101.
Use in Malware
| Name | Date | Method | Description |
|---|---|---|---|
| Dark Comet | 2008 | -- | Dark Comet suspends threads. [1] |
| GoBotKR | 2019 | -- | GoBotKR suspends threads. [1] |
| GravityRAT | 2018 | -- | GravityRAT suspends threads. [1] |
| Hupigon | 2013 | -- | Hupigon suspends threads. [1] |
Detection
| Tool: capa | Mapping | APIs |
|---|---|---|
| suspend thread | Suspend Thread (C0055) | kernel32.SuspendThread, ntdll.NtSuspendThread, ntdll.ZwSuspendThread, System.Threading.Thread::Suspend, System.Threading.Thread::Sleep |
References
[1] capa v4.0, analyzed at MITRE on 10/12/2022