Isolate · subtechnique
D3-FCDC: File Content Decompression Checking
Definition
Checking whether compressed or encoded data sections can be successfully decompressed or decoded. This check can be followed by further analysis that uses semantic knowledge.
Defends against · 99
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Credentials In Files t1552.001 | 100% | live |
| Technique | Archive Collected Data t1560 | 100% | live |
| Technique | Command and Scripting Interpreter t1059 | 100% | live |
| SubTechnique | Registry Run Keys / Startup Folder t1547.001 | 100% | live |
| Technique | Remote System Discovery t1018 | 100% | live |
| SubTechnique | Path Interception by Search Order Hijacking t1574.008 | 100% | live |
| SubTechnique | Asymmetric Cryptography t1573.002 | 100% | live |
| SubTechnique | LC_LOAD_DYLIB Addition t1546.006 | 100% | live |
| SubTechnique | Archive via Utility t1560.001 | 100% | live |
| SubTechnique | Web Protocols t1071.001 | 100% | live |
| SubTechnique | Binary Padding t1027.001 | 100% | live |
| SubTechnique | COR_PROFILER t1574.012 | 100% | live |
| SubTechnique | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol t1048.002 | 100% | live |
| SubTechnique | Login Hook t1037.002 | 100% | live |
| Technique | File and Directory Discovery t1083 | 100% | live |
| SubTechnique | Clear Linux or Mac System Logs t1070.002 | 100% | live |
| SubTechnique | Office Template Macros t1137.001 | 100% | live |
| SubTechnique | Malicious File t1204.002 | 100% | live |
| SubTechnique | Launchd t1053.004 | 100% | live |
| SubTechnique | Dynamic-link Library Injection t1055.001 | 100% | live |
| Technique | Software Deployment Tools t1072 | 100% | live |
| SubTechnique | Pluggable Authentication Modules t1556.003 | 100% | live |
| SubTechnique | Path Interception by Unquoted Path t1574.009 | 100% | live |
| SubTechnique | Emond t1546.014 | 100% | live |
| SubTechnique | Archive via Custom Method t1560.003 | 100% | live |
| SubTechnique | File Deletion t1070.004 | 100% | live |
| SubTechnique | Trap t1546.005 | 100% | live |
| SubTechnique | VDSO Hijacking t1055.014 | 100% | live |
| Technique | System Network Configuration Discovery t1016 | 100% | live |
| SubTechnique | Component Object Model Hijacking t1546.015 | 100% | live |
Showing top 30 of 99 by confidence.
Related by meaning · 6
Nearest entities by semantic similarity across the cs-graph corpus.