What is the authoritative source for D3-DF?

Decoy File (D3-DF) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Deceivetechnique

D3-DFDecoy File

Decoy File

Definition

A file created for the purposes of deceiving an adversary.

Defends against99

Type	Target	Confidence	Tier
SubTechnique	Path Interception by PATH Environment Variablet1574.007	100%	live
Technique	Internal Spearphishingt1534	100%	live
Technique	Exfiltration Over C2 Channelt1041	100%	live
Technique	Command and Scripting Interpretert1059	100%	live
SubTechnique	Local Data Stagingt1074.001	100%	live
Technique	Software Deployment Toolst1072	100%	live
SubTechnique	Pluggable Authentication Modulest1556.003	100%	live
SubTechnique	Binary Paddingt1027.001	100%	live
SubTechnique	Credentials from Web Browserst1555.003	100%	live
Technique	File and Directory Discoveryt1083	100%	live
SubTechnique	Spearphishing Linkt1566.002	100%	live
SubTechnique	Invalid Code Signaturet1036.001	100%	live
SubTechnique	Archive via Custom Methodt1560.003	100%	live
Technique	Deobfuscate/Decode Files or Informationt1140	100%	live
SubTechnique	MSBuildt1127.001	100%	live
SubTechnique	Portable Executable Injectiont1055.002	100%	live
SubTechnique	Archive via Libraryt1560.002	100%	live
SubTechnique	LSASS Drivert1547.008	100%	live
SubTechnique	Thread Execution Hijackingt1055.003	100%	live
SubTechnique	Office Template Macrost1137.001	100%	live
SubTechnique	Rename System Utilitiest1036.003	100%	live
SubTechnique	Space after Filenamet1036.006	100%	live
SubTechnique	Spearphishing Attachmentt1566.001	100%	live
Technique	Forced Authenticationt1187	100%	live
SubTechnique	Malicious Filet1204.002	100%	live
SubTechnique	Emondt1546.014	100%	live
SubTechnique	AppCert DLLst1546.009	100%	live
SubTechnique	Software Packingt1027.002	100%	live
SubTechnique	Launch Agentt1543.001	100%	live
SubTechnique	Unix Shell Configuration Modificationt1546.004	100%	live