Detect technique
D3-FCOA File Content Analysis
File Content Analysis
Definition
Employing a pattern matching algorithm to statically analyze the content of files.
Defends against · 99
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Asymmetric Cryptography (t1573.002) | 100% | live |
| SubTechnique | Spearphishing Attachment (t1566.001) | 100% | live |
| SubTechnique | Systemd Service (t1543.002) | 100% | live |
| SubTechnique | Trap (t1546.005) | 100% | live |
| SubTechnique | /etc/passwd and /etc/shadow (t1003.008) | 100% | live |
| SubTechnique | Rename System Utilities (t1036.003) | 100% | live |
| SubTechnique | Dylib Hijacking (t1574.004) | 100% | live |
| SubTechnique | Compile After Delivery (t1027.004) | 100% | live |
| Technique | Automated Collection (t1119) | 100% | live |
| SubTechnique | Malicious File (t1204.002) | 100% | live |
| SubTechnique | Thread Execution Hijacking (t1055.003) | 100% | live |
| SubTechnique | Spearphishing via Service (t1566.003) | 100% | live |
| SubTechnique | Pluggable Authentication Modules (t1556.003) | 100% | live |
| SubTechnique | Match Legitimate Name or Location (t1036.005) | 100% | live |
| SubTechnique | Emond (t1546.014) | 100% | live |
| SubTechnique | Space after Filename (t1036.006) | 100% | live |
| SubTechnique | Software Packing (t1027.002) | 100% | live |
| Technique | Software Deployment Tools (t1072) | 100% | live |
| SubTechnique | Password Filter DLL (t1556.002) | 100% | live |
| SubTechnique | VBA Stomping (t1564.007) | 100% | live |
| SubTechnique | Local Data Staging (t1074.001) | 100% | live |
| SubTechnique | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (t1048.002) | 100% | live |
| Technique | XSL Script Processing (t1220) | 100% | live |
| Technique | Remote System Discovery (t1018) | 100% | live |
| SubTechnique | Office Template Macros (t1137.001) | 100% | live |
| SubTechnique | Impair Command History Logging (t1562.003) | 100% | live |
| SubTechnique | Hidden Users (t1564.002) | 100% | live |
| SubTechnique | AppInit DLLs (t1546.010) | 100% | live |
| SubTechnique | MSBuild (t1127.001) | 100% | live |
| SubTechnique | Network Logon Script (t1037.003) | 100% | live |
Showing top 30 of 99 by confidence.
Related by meaning · 6
Nearest entities by semantic similarity across the cs-graph corpus.