What is the authoritative source for D3-CNE?

Content Excision (D3-CNE) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Isolatesubtechnique

D3-CNEContent Excision

Definition

Removing specific, potentially malicious, parts of content

Defends against99

Type	Target	Confidence	Tier
SubTechnique	Hidden Windowt1564.003	100%	live
Technique	File and Directory Discoveryt1083	100%	live
SubTechnique	Credentials In Filest1552.001	100%	live
SubTechnique	Space after Filenamet1036.006	100%	live
SubTechnique	Mshtat1218.005	100%	live
SubTechnique	Run Virtual Instancet1564.006	100%	live
SubTechnique	Archive via Utilityt1560.001	100%	live
Technique	Rootkitt1014	100%	live
SubTechnique	Accessibility Featurest1546.008	100%	live
SubTechnique	Unix Shell Configuration Modificationt1546.004	100%	live
SubTechnique	/etc/passwd and /etc/shadowt1003.008	100%	live
SubTechnique	Impair Command History Loggingt1562.003	100%	live
SubTechnique	Thread Execution Hijackingt1055.003	100%	live
SubTechnique	Exfiltration Over Asymmetric Encrypted Non-C2 Protocolt1048.002	100%	live
Technique	Forced Authenticationt1187	100%	live
SubTechnique	Office Template Macrost1137.001	100%	live
Technique	XSL Script Processingt1220	100%	live
SubTechnique	Launchdt1053.004	100%	live
Technique	Steal or Forge Authentication Certificatest1649	100%	live
SubTechnique	Binary Paddingt1027.001	100%	live
SubTechnique	Logon Script (Windows)t1037.001	100%	live
SubTechnique	Proc Memoryt1055.009	100%	live
SubTechnique	Systemd Servicet1543.002	100%	live
SubTechnique	Path Interception by Unquoted Patht1574.009	100%	live
SubTechnique	Clear Linux or Mac System Logst1070.002	100%	live
Technique	Deobfuscate/Decode Files or Informationt1140	100%	live
SubTechnique	COR_PROFILERt1574.012	100%	live
SubTechnique	Web Protocolst1071.001	100%	live
Technique	Credentials from Password Storest1555	100%	live
SubTechnique	DLL Search Order Hijackingt1574.001	100%	live