What is the authoritative source for D3-CQ?

Content Quarantine (D3-CQ) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Isolatetechnique

D3-CQContent Quarantine

Content Quarantine

Transfer content that does not comply with policy to a quarantine zone.

Type	Target	Confidence	Tier
SubTechnique	Port Monitorst1547.010	100%	live
SubTechnique	Registry Run Keys / Startup Foldert1547.001	100%	live
SubTechnique	Credentials In Filest1552.001	100%	live
SubTechnique	Shortcut Modificationt1547.009	100%	live
Technique	XSL Script Processingt1220	100%	live
SubTechnique	Archive via Custom Methodt1560.003	100%	live
SubTechnique	Portable Executable Injectiont1055.002	100%	live
SubTechnique	Binary Paddingt1027.001	100%	live
SubTechnique	Office Testt1137.002	100%	live
Technique	Rootkitt1014	100%	live
SubTechnique	DLL Search Order Hijackingt1574.001	100%	live
SubTechnique	Local Data Stagingt1074.001	100%	live
SubTechnique	LC_LOAD_DYLIB Additiont1546.006	100%	live
SubTechnique	Outlook Formst1137.003	100%	live
SubTechnique	Match Legitimate Name or Locationt1036.005	100%	live
Technique	File and Directory Discoveryt1083	100%	live
SubTechnique	Services Registry Permissions Weaknesst1574.011	100%	live
SubTechnique	Web Protocolst1071.001	100%	live
SubTechnique	Netsh Helper DLLt1546.007	100%	live
SubTechnique	Invalid Code Signaturet1036.001	100%	live
SubTechnique	Launch Daemont1543.004	100%	live
SubTechnique	Malicious Filet1204.002	100%	live
SubTechnique	LSASS Drivert1547.008	100%	live
SubTechnique	Software Packingt1027.002	100%	live
SubTechnique	Control Panelt1218.002	100%	live
SubTechnique	Launchdt1053.004	100%	live
SubTechnique	Time Providerst1547.003	100%	live
SubTechnique	Dynamic Linker Hijackingt1574.006	100%	live
SubTechnique	Rundll32t1218.011	100%	live
SubTechnique	MSBuildt1127.001	100%	live