# T1497.003 Time Based Checks

Technique

  • Tactics: Defense Evasion, Discovery
  • Description:

    Adversaries may employ various time-based methods to detect virtualization and analysis environments, particularly those that attempt to manipulate time mechanisms to simulate longer elapses of time. This may include enumerating time-based properties, such as uptime or the system clock.

    Adversaries may use calls like `GetTickCount` and `GetSystemTimeAsFileTime` to discover if they are operating within a virtual machine or sandbox, or may be able to identify a sandbox accelerating time by sampling and calculating the expected value for an environment's timestamp before and after execution of a sleep function. (Citation: ISACA Malware Tricks)

  • First Seen: Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack • 2023-04-20
MITRE ATT&CK
