What is the authoritative source for D3-FH?

File Hashing (D3-FH) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Detecttechnique

D3-FHFile Hashing

File Hashing

Employing file hash comparisons to detect known malware.

Type	Target	Confidence	Tier
SubTechnique	Screensavert1546.002	100%	live
SubTechnique	Local Email Collectiont1114.001	100%	live
SubTechnique	Path Interception by Unquoted Patht1574.009	100%	live
SubTechnique	Archive via Custom Methodt1560.003	100%	live
SubTechnique	File Deletiont1070.004	100%	live
SubTechnique	Local Data Stagingt1074.001	100%	live
SubTechnique	Network Logon Scriptt1037.003	100%	live
SubTechnique	Path Interception by Search Order Hijackingt1574.008	100%	live
Technique	Data Encrypted for Impactt1486	100%	live
SubTechnique	Registry Run Keys / Startup Foldert1547.001	100%	live
Technique	Credentials from Password Storest1555	100%	live
SubTechnique	Exfiltration Over Asymmetric Encrypted Non-C2 Protocolt1048.002	100%	live
SubTechnique	Outlook Formst1137.003	100%	live
SubTechnique	Trapt1546.005	100%	live
SubTechnique	Archive via Libraryt1560.002	100%	live
SubTechnique	Launch Daemont1543.004	100%	live
Technique	Internal Spearphishingt1534	100%	live
SubTechnique	Credentials In Filest1552.001	100%	live
SubTechnique	Rename System Utilitiest1036.003	100%	live
SubTechnique	DLL Side-Loadingt1574.002	100%	live
SubTechnique	Re-opened Applicationst1547.007	100%	live
SubTechnique	RC Scriptst1037.004	100%	live
SubTechnique	Launchdt1053.004	100%	live
Technique	Software Deployment Toolst1072	100%	live
Technique	XSL Script Processingt1220	100%	live
SubTechnique	Compile After Deliveryt1027.004	100%	live
Technique	Rootkitt1014	100%	live
SubTechnique	Portable Executable Injectiont1055.002	100%	live
SubTechnique	Dynamic Linker Hijackingt1574.006	100%	live
SubTechnique	Dylib Hijackingt1574.004	100%	live