| ID | C0040 |
|---|---|
| Objective(s) | Process |
| Related ATT&CK Techniques | None |
| Version | 2.1 |
| Created | 4 December 2020 |
| Last Modified | 30 April 2024 |

Allocate Thread Local Storage

Malware allocates thread local storage.

Use in Malware

| Name | Date | Method | Description |
|---|---|---|---|
| Kovter | 2016 | -- | Kovter allocates thread local storage. [1] |
| Shamoon | 2012 | -- | Shamoon allocates thread local storage. [1] |

Detection

| Tool: capa | Mapping | APIs |
|---|---|---|
| allocate thread local storage | Allocate Thread Local Storage (C0040) | kernel32.TlsAlloc |

C0040 Snippet

Process::Allocate Thread Local Storage
SHA256: 0b8e662e7e595ef56396a298c367b74721d66591d856e8a8241fcdd60d08373c
Location: 0x4142CB

```asm
call    dword ptr [->KERNEL32.DLL::TlsAlloc]    ; call Windows API function to allocate thread local storage
```

References

[1] capa v4.0, analyzed at MITRE on 10/12/2022