What is the authoritative source for D3-EFA?

Emulated File Analysis (D3-EFA) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Detecttechnique

D3-EFAEmulated File Analysis

Emulated File Analysis

Definition

Emulating instructions in a file looking for specific patterns.

Defends against38

Type	Target	Confidence	Tier
Technique	System Network Configuration Discoveryt1016	100%	live
SubTechnique	Screensavert1546.002	100%	live
SubTechnique	Mshtat1218.005	100%	live
SubTechnique	Login Hookt1037.002	100%	live
SubTechnique	RC Scriptst1037.004	100%	live
SubTechnique	Path Interception by PATH Environment Variablet1574.007	100%	live
SubTechnique	Office Template Macrost1137.001	100%	live
SubTechnique	Path Interception by Search Order Hijackingt1574.008	100%	live
SubTechnique	Local Email Collectiont1114.001	100%	live
Technique	Deobfuscate/Decode Files or Informationt1140	100%	live
SubTechnique	VBA Stompingt1564.007	100%	live
SubTechnique	Component Object Model Hijackingt1546.015	100%	live
SubTechnique	Registry Run Keys / Startup Foldert1547.001	100%	live
SubTechnique	Network Logon Scriptt1037.003	100%	live
SubTechnique	Impair Command History Loggingt1562.003	100%	live
SubTechnique	Malicious Filet1204.002	100%	live
SubTechnique	Outlook Formst1137.003	100%	live
Technique	XSL Script Processingt1220	100%	live
Technique	Command and Scripting Interpretert1059	100%	live
SubTechnique	Compile After Deliveryt1027.004	100%	live
SubTechnique	LC_LOAD_DYLIB Additiont1546.006	100%	live
SubTechnique	Binary Paddingt1027.001	100%	live
SubTechnique	Thread Execution Hijackingt1055.003	100%	live
SubTechnique	PowerShell Profilet1546.013	100%	live
SubTechnique	Trapt1546.005	100%	live
SubTechnique	Path Interception by Unquoted Patht1574.009	100%	live
SubTechnique	Web Shellt1505.003	100%	live
SubTechnique	Accessibility Featurest1546.008	100%	live
SubTechnique	Spearphishing Linkt1566.002	100%	live
Technique	Internal Spearphishingt1534	100%	live