Detect subtechnique
D3-FCR: File Content Rules
Definition
Employing a pattern matching rule language to analyze the content of files.
Defends against (99)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Thread Execution Hijacking t1055.003 | 100% | live |
| SubTechnique | Pluggable Authentication Modules t1556.003 | 100% | live |
| Technique | Steal or Forge Authentication Certificates t1649 | 100% | live |
| Technique | System Owner/User Discovery t1033 | 100% | live |
| SubTechnique | Launchd t1053.004 | 100% | live |
| SubTechnique | VBA Stomping t1564.007 | 100% | live |
| SubTechnique | Outlook Forms t1137.003 | 100% | live |
| SubTechnique | Credentials from Web Browsers t1555.003 | 100% | live |
| SubTechnique | LSASS Driver t1547.008 | 100% | live |
| SubTechnique | RC Scripts t1037.004 | 100% | live |
| SubTechnique | Impair Command History Logging t1562.003 | 100% | live |
| Technique | Application Layer Protocol t1071 | 100% | live |
| SubTechnique | Software Packing t1027.002 | 100% | live |
| SubTechnique | Runtime Data Manipulation t1565.003 | 100% | live |
| SubTechnique | COR_PROFILER t1574.012 | 100% | live |
| SubTechnique | Path Interception by Search Order Hijacking t1574.008 | 100% | live |
| SubTechnique | Launch Agent t1543.001 | 100% | live |
| SubTechnique | Login Hook t1037.002 | 100% | live |
| Technique | Data from Local System t1005 | 100% | live |
| SubTechnique | Dylib Hijacking t1574.004 | 100% | live |
| SubTechnique | Path Interception by Unquoted Path t1574.009 | 100% | live |
| SubTechnique | VDSO Hijacking t1055.014 | 100% | live |
| SubTechnique | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol t1048.002 | 100% | live |
| SubTechnique | Bash History t1552.003 | 100% | live |
| Technique | Software Deployment Tools t1072 | 100% | live |
| Technique | Credentials from Password Stores t1555 | 100% | live |
| SubTechnique | Emond t1546.014 | 100% | live |
| SubTechnique | Kernel Modules and Extensions t1547.006 | 100% | live |
| SubTechnique | Archive via Custom Method t1560.003 | 100% | live |
| SubTechnique | Trap t1546.005 | 100% | live |
Showing top 30 of 99 by confidence.
Related by meaning (6)
Nearest entities by semantic similarity across the cs-graph corpus.