ATT&CK Changes Between v19.0 and v19.1

Key

New objects: ATT&CK objects which are only present in the new release.
Major version changes: ATT&CK objects that have a major version change. (e.g. 1.0 → 2.0)
Minor version changes: ATT&CK objects that have a minor version change. (e.g. 1.0 → 1.1)
Other version changes: ATT&CK objects that have a version change of any other kind. (e.g. 1.0 → 1.2)
Patches: ATT&CK objects that have been patched while keeping the version the same. (e.g., 1.0 → 1.0 but something like a typo, a URL, or some metadata was fixed)
Object revocations: ATT&CK objects which are revoked by a different object.
Object deprecations: ATT&CK objects which are deprecated and no longer in use, and not replaced.
Object deletions: ATT&CK objects which are no longer found in the STIX data.

Additional formats

These ATT&CK Navigator layer files can be uploaded to ATT&CK Navigator manually.

This JSON file contains the machine readble output used to create this page: changelog.json

Techniques

enterprise-attack

Patches

[T1548] Abuse Elevation Control Mechanism

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-21 18:05:00.504000+00:00	2026-05-12 15:12:00.639000+00:00

[T1134] Access Token Manipulation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:53:44.334000+00:00	2026-05-12 15:12:00.722000+00:00

[T1087] Account Discovery

Current version: 2.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:57.239000+00:00	2026-05-12 15:12:00.641000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1098] Account Manipulation

Current version: 2.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:10.273000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1557] Adversary-in-the-Middle

Current version: 2.5

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:18:32.903000+00:00	2026-05-12 15:12:00.620000+00:00

[T1574.014] Hijack Execution Flow: AppDomainManager

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:57:09.601000+00:00	2026-05-12 15:12:00.626000+00:00

[T1059.002] Command and Scripting Interpreter: AppleScript

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:39.348000+00:00	2026-05-12 15:12:00.626000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1550.001] Use Alternate Authentication Material: Application Access Token

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:48:23.373000+00:00	2026-05-12 15:12:00.723000+00:00

[T1010] Application Window Discovery

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:44.488000+00:00	2026-05-12 15:12:00.630000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1560] Archive Collected Data

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:48.023000+00:00	2026-05-12 15:12:00.633000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1560.001] Archive Collected Data: Archive via Utility

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:19.477000+00:00	2026-05-12 15:12:00.619000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1588.007] Obtain Capabilities: Artificial Intelligence

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 16:06:03.711000+00:00	2026-05-12 15:12:00.620000+00:00

[T1573.002] Encrypted Channel: Asymmetric Cryptography

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:18.961000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1055.004] Process Injection: Asynchronous Procedure Call

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:26:41.151000+00:00	2026-05-12 15:12:00.644000+00:00

[T1123] Audio Capture

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:24.702000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1683.002] Generate Content: Audio-Visual Content

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 15:34:51.855000+00:00	2026-05-12 15:12:00.705000+00:00

[T1119] Automated Collection

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:35.995000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1020] Automated Exfiltration

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:58.340000+00:00	2026-05-12 15:12:00.642000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1197] BITS Jobs

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:57:02.003000+00:00	2026-05-12 15:12:00.716000+00:00

[T1102.002] Web Service: Bidirectional Communication

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:18.602000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.001] Obfuscated Files or Information: Binary Padding

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:15:33.904000+00:00	2026-05-12 15:12:00.635000+00:00

[T1564.013] Hide Artifacts: Bind Mounts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:17:48.263000+00:00	2026-05-12 15:12:00.635000+00:00

[T1037] Boot or Logon Initialization Scripts

Current version: 2.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:20.077000+00:00	2026-05-12 15:12:00.619000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1542.003] Pre-OS Boot: Bootkit

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 18:38:49.558000+00:00	2026-05-12 15:12:00.622000+00:00

[T1584.005] Compromise Infrastructure: Botnet

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:02.197000+00:00	2026-05-12 15:12:00.669000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1036.009] Masquerading: Break Process Trees

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:32:49.027000+00:00	2026-05-12 15:12:00.625000+00:00

[T1036.012] Masquerading: Browser Fingerprint

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:37:12.322000+00:00	2026-05-12 15:12:00.707000+00:00

[T1217] Browser Information Discovery

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:50.561000+00:00	2026-05-12 15:12:00.635000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1185] Browser Session Hijacking

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:48.383000+00:00	2026-05-12 15:12:00.633000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1110] Brute Force

Current version: 2.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:12.218000+00:00	2026-05-12 15:12:00.706000+00:00

[T1612] Build Image on Host

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:56:51.027000+00:00	2026-05-12 15:12:00.662000+00:00

[T1548.002] Abuse Elevation Control Mechanism: Bypass User Account Control

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:51:31.419000+00:00	2026-05-12 15:12:00.621000+00:00

[T1218.003] System Binary Proxy Execution: CMSTP

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:37:18.154000+00:00	2026-05-12 15:12:00.631000+00:00

[T1574.012] Hijack Execution Flow: COR_PROFILER

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 18:58:17.752000+00:00	2026-05-12 15:12:00.727000+00:00

[T1070.003] Indicator Removal: Clear Command History

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:27:09.604000+00:00	2026-05-12 15:12:00.627000+00:00

[T1685.006] Disable or Modify Tools: Clear Linux or Mac System Logs

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:41:39.190000+00:00	2026-05-12 15:12:00.635000+00:00

[T1070.008] Indicator Removal: Clear Mailbox Data

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:27:22.074000+00:00	2026-05-12 15:12:00.629000+00:00

[T1070.007] Indicator Removal: Clear Network Connection History and Configurations

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 19:27:07.242000+00:00	2026-05-12 15:12:00.627000+00:00

[T1070.009] Indicator Removal: Clear Persistence

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:28:24.292000+00:00	2026-05-12 15:12:00.717000+00:00

[T1685.005] Disable or Modify Tools: Clear Windows Event Logs

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:41:59.512000+00:00	2026-05-12 15:12:00.642000+00:00

[T1127.002] Trusted Developer Utilities Proxy Execution: ClickOnce

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:45:37.624000+00:00	2026-05-12 15:12:00.716000+00:00

[T1592.004] Gather Victim Host Information: Client Configurations

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:58.431000+00:00	2026-05-12 15:12:00.642000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1115] Clipboard Data

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:36.079000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1059.009] Command and Scripting Interpreter: Cloud API

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:58:32.612000+00:00	2026-05-12 15:12:00.634000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1585.003] Establish Accounts: Cloud Accounts

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:06.502000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1078.004] Valid Accounts: Cloud Accounts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:51:18.773000+00:00	2026-05-12 15:12:00.723000+00:00

[T1586.003] Compromise Accounts: Cloud Accounts

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:41.215000+00:00	2026-05-12 15:12:00.628000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1651] Cloud Administration Command

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:59:13.081000+00:00	2026-05-12 15:12:00.721000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1686.001] Disable or Modify System Firewall: Cloud Firewall

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:38:27.348000+00:00	2026-05-12 15:12:00.723000+00:00

[T1580] Cloud Infrastructure Discovery

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:49.479000+00:00	2026-05-12 15:12:00.635000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1552.005] Unsecured Credentials: Cloud Instance Metadata API

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:27.965000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1555.006] Credentials from Password Stores: Cloud Secrets Management Stores

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 22:03:00.834000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1526] Cloud Service Discovery

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:17:35.798000+00:00	2026-05-12 15:12:00.722000+00:00

[T1619] Cloud Storage Object Discovery

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:03.853000+00:00	2026-05-12 15:12:00.685000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1213.003] Data from Information Repositories: Code Repositories

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:25.081000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1593.003] Search Open Websites/Domains: Code Repositories

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:56.790000+00:00	2026-05-12 15:12:00.641000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1553.002] Subvert Trust Controls: Code Signing

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.093000+00:00	2026-05-12 15:12:00.624000+00:00

[T1553.006] Subvert Trust Controls: Code Signing Policy Modification

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.034000+00:00	2026-05-12 15:12:00.634000+00:00

[T1027.010] Obfuscated Files or Information: Command Obfuscation

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:16:39.249000+00:00	2026-05-12 15:12:00.718000+00:00

[T1059] Command and Scripting Interpreter

Current version: 2.7

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-27 20:03:38.098000+00:00	2026-05-12 15:12:00.641000+00:00

[T1027.004] Obfuscated Files or Information: Compile After Delivery

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:16:52.765000+00:00	2026-05-12 15:12:00.716000+00:00

[T1218.001] System Binary Proxy Execution: Compiled HTML File

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:37:42.151000+00:00	2026-05-12 15:12:00.706000+00:00

[T1542.002] Pre-OS Boot: Component Firmware

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 18:38:49.538000+00:00	2026-05-12 15:12:00.643000+00:00

[T1559.001] Inter-Process Communication: Component Object Model

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:35.814000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.015] Obfuscated Files or Information: Compression

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:16:53.338000+00:00	2026-05-12 15:12:00.726000+00:00

[T1554] Compromise Host Software Binary

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 18:57:08.883000+00:00	2026-05-12 15:12:00.706000+00:00

[T1195.001] Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:27.436000+00:00	2026-05-12 15:12:00.622000+00:00

[T1556.009] Modify Authentication Process: Conditional Access Policies

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.111000+00:00	2026-05-12 15:12:00.717000+00:00

[T1213.001] Data from Information Repositories: Confluence

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:59.776000+00:00	2026-05-12 15:12:00.643000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1218.002] System Binary Proxy Execution: Control Panel

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:37:43.971000+00:00	2026-05-12 15:12:00.632000+00:00

[T1578.002] Modify Cloud Compute Infrastructure: Create Cloud Instance

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.862000+00:00	2026-05-12 15:12:00.717000+00:00

[T1134.002] Access Token Manipulation: Create Process with Token

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:55:37.484000+00:00	2026-05-12 15:12:00.639000+00:00

[T1578.001] Modify Cloud Compute Infrastructure: Create Snapshot

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.934000+00:00	2026-05-12 15:12:00.723000+00:00

[T1543] Create or Modify System Process

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:24.896000+00:00	2026-05-12 15:12:00.621000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1110.004] Brute Force: Credential Stuffing

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:14.923000+00:00	2026-05-12 15:12:00.708000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1552.001] Unsecured Credentials: Credentials In Files

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:03+00:00	2026-05-12 15:12:00.672000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1555] Credentials from Password Stores

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:41.974000+00:00	2026-05-12 15:12:00.628000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1555.003] Credentials from Password Stores: Credentials from Web Browsers

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:49.577000+00:00	2026-05-12 15:12:00.635000+00:00

[T1552.002] Unsecured Credentials: Credentials in Registry

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:37.378000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1574.001] Hijack Execution Flow: DLL

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:57:22.515000+00:00	2026-05-12 15:12:00.624000+00:00

[T1071.004] Application Layer Protocol: DNS

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:27.877000+00:00	2026-05-12 15:12:00.622000+00:00

[T1568.003] Dynamic Resolution: DNS Calculation

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:03.093000+00:00	2026-05-12 15:12:00.673000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1485] Data Destruction

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:27.149000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1132] Data Encoding

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:23.915000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1486] Data Encrypted for Impact

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:16.589000+00:00	2026-05-12 15:12:00.709000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1565] Data Manipulation

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-20 15:10:23.526000+00:00	2026-05-12 15:12:00.707000+00:00

[T1001] Data Obfuscation

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:13.380000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1074] Data Staged

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:01.010000+00:00	2026-05-12 15:12:00.645000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1530] Data from Cloud Storage

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:37.187000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1005] Data from Local System

Current version: 1.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:40.839000+00:00	2026-05-12 15:12:00.628000+00:00

[T1213.006] Data from Information Repositories: Databases

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-21 23:54:04.429000+00:00	2026-05-12 15:12:00.623000+00:00

[T1102.001] Web Service: Dead Drop Resolver

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:37.828000+00:00	2026-05-12 15:12:00.725000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1622] Debugger Evasion

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:57:49.208000+00:00	2026-05-12 15:12:00.723000+00:00

[T1078.001] Valid Accounts: Default Accounts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:50:51.753000+00:00	2026-05-12 15:12:00.636000+00:00

[T1678] Delay Execution

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:57:37.301000+00:00	2026-05-12 15:12:00.706000+00:00

[T1578.003] Modify Cloud Compute Infrastructure: Delete Cloud Instance

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.915000+00:00	2026-05-12 15:12:00.641000+00:00

[T1140] Deobfuscate/Decode Files or Information

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:58:25.069000+00:00	2026-05-12 15:12:00.628000+00:00

[T1610] Deploy Container

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:59:11.024000+00:00	2026-05-12 15:12:00.634000+00:00

[T1006] Direct Volume Access

Current version: 3.0

	Old Description			New Description
t	1	Adversaries may directly access a volume to bypass file acce	t	1	Adversaries may directly access a volume to bypass file acce
	>	ss controls and file system monitoring. Windows allows progr		>	ss controls and file system monitoring. Windows allows progr
	>	ams to have direct access to logical volumes. Programs with		>	ams to have direct access to logical volumes. Programs with
	>	direct access may read and write files directly from the dri		>	direct access may read and write files directly from the dri
	>	ve by analyzing file system data structures. This technique		>	ve by analyzing file system data structures. This technique
	>	may bypass Windows file access controls as well as file syst		>	may bypass Windows file access controls as well as file syst
	>	em monitoring tools. (Citation: Hakobyan 2009) Utilities, s		>	em monitoring tools.(Citation: Hakobyan 2009) Utilities, su
	>	uch as `NinjaCopy`, exist to perform these actions in PowerS		>	ch as `NinjaCopy`, exist to perform these actions in PowerSh
	>	hell.(Citation: Github PowerSploit Ninjacopy) Adversaries ma		>	ell.(Citation: Github PowerSploit Ninjacopy) Adversaries may
	>	y also use built-in or third-party utilities (such as `vssad		>	also use built-in or third-party utilities (such as `vssadm
	>	min`, `wbadmin`, and [esentutl](https://attack.mitre.org/sof		>	in`, `wbadmin`, and [esentutl](https://attack.mitre.org/soft
	>	tware/S0404)) to create shadow copies or backups of data fro		>	ware/S0404)) to create shadow copies or backups of data from
	>	m system volumes.(Citation: LOLBAS Esentutl)		>	system volumes.(Citation: LOLBAS Esentutl)

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:59:05.018000+00:00	2026-05-12 15:12:00.620000+00:00
description	Adversaries may directly access a volume to bypass file access controls and file system monitoring. Windows allows programs to have direct access to logical volumes. Programs with direct access may read and write files directly from the drive by analyzing file system data structures. This technique may bypass Windows file access controls as well as file system monitoring tools. (Citation: Hakobyan 2009) Utilities, such as `NinjaCopy`, exist to perform these actions in PowerShell.(Citation: Github PowerSploit Ninjacopy) Adversaries may also use built-in or third-party utilities (such as `vssadmin`, `wbadmin`, and [esentutl](https://attack.mitre.org/software/S0404)) to create shadow copies or backups of data from system volumes.(Citation: LOLBAS Esentutl)	Adversaries may directly access a volume to bypass file access controls and file system monitoring. Windows allows programs to have direct access to logical volumes. Programs with direct access may read and write files directly from the drive by analyzing file system data structures. This technique may bypass Windows file access controls as well as file system monitoring tools.(Citation: Hakobyan 2009) Utilities, such as `NinjaCopy`, exist to perform these actions in PowerShell.(Citation: Github PowerSploit Ninjacopy) Adversaries may also use built-in or third-party utilities (such as `vssadmin`, `wbadmin`, and [esentutl](https://attack.mitre.org/software/S0404)) to create shadow copies or backups of data from system volumes.(Citation: LOLBAS Esentutl)

[T1600.002] Weaken Encryption: Disable Crypto Hardware

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.028000+00:00	2026-05-12 15:12:00.662000+00:00

[T1685.002] Disable or Modify Tools: Disable or Modify Cloud Log

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:42:27.748000+00:00	2026-05-12 15:12:00.625000+00:00

[T1685.004] Disable or Modify Tools: Disable or Modify Linux Audit System Log

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:42:49.357000+00:00	2026-05-12 15:12:00.623000+00:00

[T1686] Disable or Modify System Firewall

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:36:31.474000+00:00	2026-05-12 15:12:00.723000+00:00

[T1685] Disable or Modify Tools

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:39:46.202000+00:00	2026-05-12 15:12:00.712000+00:00

[T1685.001] Disable or Modify Tools: Disable or Modify Windows Event Log

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:43:20.588000+00:00	2026-05-12 15:12:00.621000+00:00

[T1561.001] Disk Wipe: Disk Content Wipe

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:38.983000+00:00	2026-05-12 15:12:00.726000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1561.002] Disk Wipe: Disk Structure Wipe

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:22.482000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1087.002] Account Discovery: Domain Account

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:31.050000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1078.002] Valid Accounts: Domain Accounts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:50:57.880000+00:00	2026-05-12 15:12:00.714000+00:00

[T1556.001] Modify Authentication Process: Domain Controller Authentication

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.091000+00:00	2026-05-12 15:12:00.717000+00:00

[T1568.002] Dynamic Resolution: Domain Generation Algorithms

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:25.458000+00:00	2026-05-12 15:12:00.621000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1069.002] Permission Groups Discovery: Domain Groups

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:33.946000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1482] Domain Trust Discovery

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:58.061000+00:00	2026-05-12 15:12:00.642000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1484] Domain or Tenant Policy Modification

Current version: 4.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.114000+00:00	2026-05-12 15:12:00.723000+00:00

[T1583.001] Acquire Infrastructure: Domains

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:42.246000+00:00	2026-05-12 15:12:00.629000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1584.001] Compromise Infrastructure: Domains

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:38.448000+00:00	2026-05-12 15:12:00.726000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1036.007] Masquerading: Double File Extension

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:33:07.592000+00:00	2026-05-12 15:12:00.621000+00:00

[T1689] Downgrade Attack

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:44:42.756000+00:00	2026-05-12 15:12:00.624000+00:00

[T1601.002] Modify System Image: Downgrade System Image

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.109000+00:00	2026-05-12 15:12:00.726000+00:00

[T1574.004] Hijack Execution Flow: Dylib Hijacking

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:58:27.104000+00:00	2026-05-12 15:12:00.726000+00:00

[T1027.007] Obfuscated Files or Information: Dynamic API Resolution

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:17:50.411000+00:00	2026-05-12 15:12:00.723000+00:00

[T1574.006] Hijack Execution Flow: Dynamic Linker Hijacking

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:57:21.530000+00:00	2026-05-12 15:12:00.636000+00:00

[T1568] Dynamic Resolution

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:00.128000+00:00	2026-05-12 15:12:00.644000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1055.001] Process Injection: Dynamic-link Library Injection

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:26:57.009000+00:00	2026-05-12 15:12:00.724000+00:00

[T1218.015] System Binary Proxy Execution: Electron Applications

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 18:01:23.195000+00:00	2026-05-12 15:12:00.634000+00:00

[T1548.004] Abuse Elevation Control Mechanism: Elevated Execution with Prompt

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:51:53.527000+00:00	2026-05-12 15:12:00.709000+00:00

[T1586.002] Compromise Accounts: Email Accounts

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:41.309000+00:00	2026-05-12 15:12:00.628000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1585.002] Establish Accounts: Email Accounts

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:52.378000+00:00	2026-05-12 15:12:00.636000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1589.002] Gather Victim Identity Information: Email Addresses

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:54.336000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1564.008] Hide Artifacts: Email Hiding Rules

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:18:10.251000+00:00	2026-05-12 15:12:00.620000+00:00

[T1684.002] Social Engineering: Email Spoofing

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:49:23.425000+00:00	2026-05-12 15:12:00.726000+00:00

[T1027.009] Obfuscated Files or Information: Embedded Payloads

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:18:17.938000+00:00	2026-05-12 15:12:00.620000+00:00

[T1027.013] Obfuscated Files or Information: Encrypted/Encoded File

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:18:22.179000+00:00	2026-05-12 15:12:00.620000+00:00

[T1480.001] Execution Guardrails: Environmental Keying

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:07:10.470000+00:00	2026-05-12 15:12:00.724000+00:00

[T1585] Establish Accounts

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:24.456000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1574.005] Hijack Execution Flow: Executable Installer File Permissions Weakness

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:02:03.423000+00:00	2026-05-12 15:12:00.641000+00:00

[T1480] Execution Guardrails

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:03:40.312000+00:00	2026-05-12 15:12:00.685000+00:00

[T1048.002] Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:05.552000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1041] Exfiltration Over C2 Channel

Current version: 2.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:06.675000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1048.003] Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:39.079000+00:00	2026-05-12 15:12:00.726000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1567] Exfiltration Over Web Service

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:42.061000+00:00	2026-05-12 15:12:00.628000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1567.004] Exfiltration Over Web Service: Exfiltration Over Webhook

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:58:26.901000+00:00	2026-05-12 15:12:00.629000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1567.002] Exfiltration Over Web Service: Exfiltration to Cloud Storage

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:19.048000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1567.001] Exfiltration Over Web Service: Exfiltration to Code Repository

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:04.207000+00:00	2026-05-12 15:12:00.686000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1190] Exploit Public-Facing Application

Current version: 2.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:41.788000+00:00	2026-05-12 15:12:00.628000+00:00

[T1687] Exploitation for Defense Impairment

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:10:42.138000+00:00	2026-05-12 15:12:00.619000+00:00

[T1211] Exploitation for Stealth

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 13:36:04.483000+00:00	2026-05-12 15:12:00.726000+00:00

[T1587.004] Develop Capabilities: Exploits

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:17.967000+00:00	2026-05-12 15:12:00.711000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1564.014] Hide Artifacts: Extended Attributes

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:19:25.896000+00:00	2026-05-12 15:12:00.642000+00:00

[T1090.002] Proxy: External Proxy

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:54.165000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1133] External Remote Services

Current version: 2.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:24.982000+00:00	2026-05-12 15:12:00.621000+00:00

[T1055.011] Process Injection: Extra Window Memory Injection

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:27:04.367000+00:00	2026-05-12 15:12:00.617000+00:00

[T1008] Fallback Channels

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:35.854000+00:00	2026-05-12 15:12:00.724000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1070.004] Indicator Removal: File Deletion

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:28:46.342000+00:00	2026-05-12 15:12:00.718000+00:00

[T1071.002] Application Layer Protocol: File Transfer Protocols

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:08.302000+00:00	2026-05-12 15:12:00.706000+00:00

[T1083] File and Directory Discovery

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:00.036000+00:00	2026-05-12 15:12:00.644000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1222] File and Directory Permissions Modification

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.078000+00:00	2026-05-12 15:12:00.637000+00:00

[T1564.012] Hide Artifacts: File/Path Exclusions

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 19:21:42.768000+00:00	2026-05-12 15:12:00.620000+00:00

[T1027.011] Obfuscated Files or Information: Fileless Storage

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:18:39.119000+00:00	2026-05-12 15:12:00.619000+00:00

[T1657] Financial Theft

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 16:12:12.496000+00:00	2026-05-12 15:12:00.685000+00:00

[T1495] Firmware Corruption

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:37.207000+00:00	2026-05-12 15:12:00.724000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1056.002] Input Capture: GUI Input Capture

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:10.643000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1553.001] Subvert Trust Controls: Gatekeeper Bypass

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.996000+00:00	2026-05-12 15:12:00.624000+00:00

[T1589] Gather Victim Identity Information

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:47.303000+00:00	2026-05-12 15:12:00.633000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1591] Gather Victim Org Information

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:06.846000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1683] Generate Content

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 23:36:34.476000+00:00	2026-05-12 15:12:00.709000+00:00

[T1484.001] Domain or Tenant Policy Modification: Group Policy Modification

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.883000+00:00	2026-05-12 15:12:00.635000+00:00

[T1552.006] Unsecured Credentials: Group Policy Preferences

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:05.282000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.006] Obfuscated Files or Information: HTML Smuggling

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:19:27.839000+00:00	2026-05-12 15:12:00.717000+00:00

[T1564.005] Hide Artifacts: Hidden File System

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:22:45.621000+00:00	2026-05-12 15:12:00.722000+00:00

[T1564.001] Hide Artifacts: Hidden Files and Directories

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:23:13.914000+00:00	2026-05-12 15:12:00.723000+00:00

[T1564.002] Hide Artifacts: Hidden Users

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:23:44.205000+00:00	2026-05-12 15:12:00.705000+00:00

[T1564.003] Hide Artifacts: Hidden Window

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:23:51.965000+00:00	2026-05-12 15:12:00.716000+00:00

[T1564] Hide Artifacts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:17:25.231000+00:00	2026-05-12 15:12:00.623000+00:00

[T1665] Hide Infrastructure

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-22 03:57:22.646000+00:00	2026-05-12 15:12:00.723000+00:00

[T1574] Hijack Execution Flow

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 21:18:17.156000+00:00	2026-05-12 15:12:00.707000+00:00

[T1556.007] Modify Authentication Process: Hybrid Identity

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.922000+00:00	2026-05-12 15:12:00.633000+00:00

[T1219.001] Remote Access Tools: IDE Tunneling

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-22 16:34:13.454000+00:00	2026-05-12 15:12:00.643000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1564.011] Hide Artifacts: Ignore Process Interrupts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:24:37.027000+00:00	2026-05-12 15:12:00.630000+00:00

[T1546.012] Event Triggered Execution: Image File Execution Options Injection

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 18:54:42.949000+00:00	2026-05-12 15:12:00.640000+00:00

[T1684.001] Social Engineering: Impersonation

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:50:04.400000+00:00	2026-05-12 15:12:00.717000+00:00

[T1070] Indicator Removal

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 15:10:02.929000+00:00	2026-05-12 15:12:00.643000+00:00

[T1027.005] Obfuscated Files or Information: Indicator Removal from Tools

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:19:28.558000+00:00	2026-05-12 15:12:00.707000+00:00

[T1202] Indirect Command Execution

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:31:14.152000+00:00	2026-05-12 15:12:00.628000+00:00

[T1105] Ingress Tool Transfer

Current version: 2.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:32.714000+00:00	2026-05-12 15:12:00.723000+00:00

[T1490] Inhibit System Recovery

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:37.297000+00:00	2026-05-12 15:12:00.724000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1553.004] Subvert Trust Controls: Install Root Certificate

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.931000+00:00	2026-05-12 15:12:00.715000+00:00

[T1218.004] System Binary Proxy Execution: InstallUtil

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:39:41.457000+00:00	2026-05-12 15:12:00.623000+00:00

[T1546.016] Event Triggered Execution: Installer Packages

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:59:13.167000+00:00	2026-05-12 15:12:00.721000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1559] Inter-Process Communication

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:13.194000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1491.001] Defacement: Internal Defacement

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:05.030000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1090.001] Proxy: Internal Proxy

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:37.574000+00:00	2026-05-12 15:12:00.724000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1534] Internal Spearphishing

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:23:56.376000+00:00	2026-05-12 15:12:00.706000+00:00

[T1036.001] Masquerading: Invalid Code Signature

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:38:13.564000+00:00	2026-05-12 15:12:00.709000+00:00

[T1027.018] Obfuscated Files or Information: Invisible Unicode

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:41:48.689000+00:00	2026-05-12 15:12:00.723000+00:00

[T1127.003] Trusted Developer Utilities Proxy Execution: JamPlus

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:45:43.373000+00:00	2026-05-12 15:12:00.645000+00:00

[T1059.007] Command and Scripting Interpreter: JavaScript

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:24.217000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.016] Obfuscated Files or Information: Junk Code Insertion

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:19:48.489000+00:00	2026-05-12 15:12:00.639000+00:00

[T1001.001] Data Obfuscation: Junk Data

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:38.011000+00:00	2026-05-12 15:12:00.725000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1574.013] Hijack Execution Flow: KernelCallbackTable

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:01:58.951000+00:00	2026-05-12 15:12:00.706000+00:00

[T1555.001] Credentials from Password Stores: Keychain

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:29.756000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1056.001] Input Capture: Keylogging

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:21.756000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.012] Obfuscated Files or Information: LNK Icon Smuggling

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:20:54.005000+00:00	2026-05-12 15:12:00.690000+00:00

[T1003.001] OS Credential Dumping: LSASS Memory

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:52.657000+00:00	2026-05-12 15:12:00.637000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1570] Lateral Tool Transfer

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:19.137000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1543.001] Create or Modify System Process: Launch Agent

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:25.367000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1608.005] Stage Capabilities: Link Target

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:03.552000+00:00	2026-05-12 15:12:00.683000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1222.002] File and Directory Permissions Modification: Linux and Mac Permissions

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:51:53.173000+00:00	2026-05-12 15:12:00.620000+00:00

[T1055.015] Process Injection: ListPlanting

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:28:31.388000+00:00	2026-05-12 15:12:00.723000+00:00

[T1087.001] Account Discovery: Local Account

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:32.515000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1136.001] Create Account: Local Account

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:51.903000+00:00	2026-05-12 15:12:00.636000+00:00

[T1078.003] Valid Accounts: Local Accounts

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:51:08.702000+00:00	2026-05-12 15:12:00.726000+00:00

[T1074.001] Data Staged: Local Data Staging

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:28.868000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1114.001] Email Collection: Local Email Collection

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:29.669000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1069.001] Permission Groups Discovery: Local Groups

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:10.014000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1680] Local Storage Discovery

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-22 02:09:54.940000+00:00	2026-05-12 15:12:00.724000+00:00

[T1218.014] System Binary Proxy Execution: MMC

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:39:47.445000+00:00	2026-05-12 15:12:00.726000+00:00

[T1127.001] Trusted Developer Utilities Proxy Execution: MSBuild

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:45:30.815000+00:00	2026-05-12 15:12:00.716000+00:00

[T1134.003] Access Token Manipulation: Make and Impersonate Token

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:56:16.233000+00:00	2026-05-12 15:12:00.705000+00:00

[T1204.004] User Execution: Malicious Copy and Paste

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-27 20:05:57.921000+00:00	2026-05-12 15:12:00.722000+00:00

[T1204.002] User Execution: Malicious File

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:31.674000+00:00	2026-05-12 15:12:00.623000+00:00

[T1204.001] User Execution: Malicious Link

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:35.144000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1587.001] Develop Capabilities: Malware

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:30.776000+00:00	2026-05-12 15:12:00.622000+00:00

[T1588.001] Obtain Capabilities: Malware

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:58.766000+00:00	2026-05-12 15:12:00.643000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1553.005] Subvert Trust Controls: Mark-of-the-Web Bypass

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.040000+00:00	2026-05-12 15:12:00.662000+00:00

[T1036.010] Masquerading: Masquerade Account Name

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:21:43.719000+00:00	2026-05-12 15:12:00.717000+00:00

[T1036.008] Masquerading: Masquerade File Type

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:39:13.971000+00:00	2026-05-12 15:12:00.622000+00:00

[T1036.004] Masquerading: Masquerade Task or Service

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:39:39.311000+00:00	2026-05-12 15:12:00.644000+00:00

[T1036] Masquerading

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:32:00.311000+00:00	2026-05-12 15:12:00.629000+00:00

[T1036.005] Masquerading: Match Legitimate Resource Name or Location

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:39:41.881000+00:00	2026-05-12 15:12:00.622000+00:00

[T1218.013] System Binary Proxy Execution: Mavinject

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:39:41.553000+00:00	2026-05-12 15:12:00.622000+00:00

[T1213.005] Data from Information Repositories: Messaging Applications

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 22:48:58.763000+00:00	2026-05-12 15:12:00.726000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1556] Modify Authentication Process

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.977000+00:00	2026-05-12 15:12:00.724000+00:00

[T1578.005] Modify Cloud Compute Infrastructure: Modify Cloud Compute Configurations

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.098000+00:00	2026-05-12 15:12:00.716000+00:00

[T1578] Modify Cloud Compute Infrastructure

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.919000+00:00	2026-05-12 15:12:00.621000+00:00

[T1666] Modify Cloud Resource Hierarchy

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.999000+00:00	2026-05-12 15:12:00.620000+00:00

[T1112] Modify Registry

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.021000+00:00	2026-05-12 15:12:00.634000+00:00

[T1601] Modify System Image

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.013000+00:00	2026-05-12 15:12:00.707000+00:00

[T1685.003] Disable or Modify Tools: Modify or Spoof Tool UI

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:44:20.156000+00:00	2026-05-12 15:12:00.620000+00:00

[T1218.005] System Binary Proxy Execution: Mshta

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:40:01.325000+00:00	2026-05-12 15:12:00.676000+00:00

[T1218.007] System Binary Proxy Execution: Msiexec

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:40:01.230000+00:00	2026-05-12 15:12:00.626000+00:00

[T1556.006] Modify Authentication Process: Multi-Factor Authentication

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.875000+00:00	2026-05-12 15:12:00.708000+00:00

[T1111] Multi-Factor Authentication Interception

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:29.231000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1090.003] Proxy: Multi-hop Proxy

Current version: 2.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:11.774000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1480.002] Execution Guardrails: Mutual Exclusion

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:07:21.724000+00:00	2026-05-12 15:12:00.630000+00:00

[T1003.003] OS Credential Dumping: NTDS

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:34.852000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1564.004] Hide Artifacts: NTFS File Attributes

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:24:50.745000+00:00	2026-05-12 15:12:00.724000+00:00

[T1557.001] Adversary-in-the-Middle: Name Resolution Poisoning and SMB Relay

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-03 16:53:09.295000+00:00	2026-05-12 15:12:00.636000+00:00

[T1106] Native API

Current version: 2.3

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 19:16:22.540000+00:00	2026-05-12 15:12:00.627000+00:00

[T1599.001] Network Boundary Bridging: Network Address Translation Traversal

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.887000+00:00	2026-05-12 15:12:00.632000+00:00

[T1599] Network Boundary Bridging

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.048000+00:00	2026-05-12 15:12:00.709000+00:00

[T1556.004] Modify Authentication Process: Network Device Authentication

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.117000+00:00	2026-05-12 15:12:00.726000+00:00

[T1059.008] Command and Scripting Interpreter: Network Device CLI

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:02.287000+00:00	2026-05-12 15:12:00.670000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1602.002] Data from Configuration Repository: Network Device Configuration Dump

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:47.219000+00:00	2026-05-12 15:12:00.633000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1686.002] Disable or Modify System Firewall: Network Device Firewall

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:38:51.612000+00:00	2026-05-12 15:12:00.706000+00:00

[T1584.008] Compromise Infrastructure: Network Devices

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-22 03:56:34.319000+00:00	2026-05-12 15:12:00.621000+00:00

[T1556.008] Modify Authentication Process: Network Provider DLL

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.025000+00:00	2026-05-12 15:12:00.705000+00:00

[T1590.006] Gather Victim Network Information: Network Security Appliances

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:55.360000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1046] Network Service Discovery

Current version: 3.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:31.494000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1070.005] Indicator Removal: Network Share Connection Removal

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:29:50.512000+00:00	2026-05-12 15:12:00.706000+00:00

[T1040] Network Sniffing

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:36.910000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1590.004] Gather Victim Network Information: Network Topology

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:37.652000+00:00	2026-05-12 15:12:00.625000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1095] Non-Application Layer Protocol

Current version: 2.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:20.136000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1132.002] Data Encoding: Non-Standard Encoding

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-21 18:10:25.277000+00:00	2026-05-12 15:12:00.717000+00:00

[T1571] Non-Standard Port

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:14.187000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027] Obfuscated Files or Information

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:14:56.435000+00:00	2026-05-12 15:12:00.708000+00:00

[T1218.008] System Binary Proxy Execution: Odbcconf

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:40:01.263000+00:00	2026-05-12 15:12:00.640000+00:00

[T1137.001] Office Application Startup: Office Template Macros

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:59.432000+00:00	2026-05-12 15:12:00.643000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1036.011] Masquerading: Overwrite Process Arguments

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:40:03.475000+00:00	2026-05-12 15:12:00.632000+00:00

[T1134.004] Access Token Manipulation: Parent PID Spoofing

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:54:42.976000+00:00	2026-05-12 15:12:00.706000+00:00

[T1550.002] Use Alternate Authentication Material: Pass the Hash

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:48:07.235000+00:00	2026-05-12 15:12:00.723000+00:00

[T1550.003] Use Alternate Authentication Material: Pass the Ticket

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:47:57.805000+00:00	2026-05-12 15:12:00.643000+00:00

[T1110.002] Brute Force: Password Cracking

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:29.397000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1556.002] Modify Authentication Process: Password Filter DLL

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.031000+00:00	2026-05-12 15:12:00.626000+00:00

[T1110.001] Brute Force: Password Guessing

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:21.929000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1601.001] Modify System Image: Patch System Image

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.106000+00:00	2026-05-12 15:12:00.717000+00:00

[T1574.007] Hijack Execution Flow: Path Interception by PATH Environment Variable

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:01:52.753000+00:00	2026-05-12 15:12:00.620000+00:00

[T1574.008] Hijack Execution Flow: Path Interception by Search Order Hijacking

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:01:48.263000+00:00	2026-05-12 15:12:00.635000+00:00

[T1574.009] Hijack Execution Flow: Path Interception by Unquoted Path

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:01:45.477000+00:00	2026-05-12 15:12:00.713000+00:00

[T1120] Peripheral Device Discovery

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:37.563000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1566] Phishing

Current version: 2.7

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 16:14:54.713000+00:00	2026-05-12 15:12:00.706000+00:00

[T1598] Phishing for Information

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 16:15:21.344000+00:00	2026-05-12 15:12:00.717000+00:00

[T1647] Plist File Modification

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.947000+00:00	2026-05-12 15:12:00.644000+00:00

[T1556.003] Modify Authentication Process: Pluggable Authentication Modules

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.037000+00:00	2026-05-12 15:12:00.620000+00:00

[T1677] Poisoned Pipeline Execution

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-21 02:38:29.636000+00:00	2026-05-12 15:12:00.642000+00:00

[T1027.014] Obfuscated Files or Information: Polymorphic Code

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:20:58.199000+00:00	2026-05-12 15:12:00.709000+00:00

[T1205.001] Traffic Signaling: Port Knocking

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:44:49.425000+00:00	2026-05-12 15:12:00.688000+00:00

[T1055.002] Process Injection: Portable Executable Injection

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:28:35.452000+00:00	2026-05-12 15:12:00.665000+00:00

[T1059.001] Command and Scripting Interpreter: PowerShell

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:07.660000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1542] Pre-OS Boot

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 18:38:50.048000+00:00	2026-05-12 15:12:00.662000+00:00

[T1690] Prevent Command History Logging

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:45:06.768000+00:00	2026-05-12 15:12:00.709000+00:00

[T1552.004] Unsecured Credentials: Private Keys

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:50.819000+00:00	2026-05-12 15:12:00.635000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1055.009] Process Injection: Proc Memory

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:28:52.682000+00:00	2026-05-12 15:12:00.717000+00:00

[T1564.010] Hide Artifacts: Process Argument Spoofing

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:25:25.946000+00:00	2026-05-12 15:12:00.727000+00:00

[T1057] Process Discovery

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:05.839000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1055.013] Process Injection: Process Doppelgänging

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:28:53.747000+00:00	2026-05-12 15:12:00.641000+00:00

[T1055.012] Process Injection: Process Hollowing

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:30:23.429000+00:00	2026-05-12 15:12:00.708000+00:00

[T1055] Process Injection

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:26:41.663000+00:00	2026-05-12 15:12:00.629000+00:00

[T1572] Protocol Tunneling

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:45.888000+00:00	2026-05-12 15:12:00.632000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1001.003] Data Obfuscation: Protocol or Service Impersonation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:20.574000+00:00	2026-05-12 15:12:00.714000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1090] Proxy

Current version: 3.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:57.330000+00:00	2026-05-12 15:12:00.641000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1055.008] Process Injection: Ptrace System Calls

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:30:27.359000+00:00	2026-05-12 15:12:00.723000+00:00

[T1216.001] System Script Proxy Execution: PubPrn

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:42:36.777000+00:00	2026-05-12 15:12:00.620000+00:00

[T1059.006] Command and Scripting Interpreter: Python

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:23.660000+00:00	2026-05-12 15:12:00.716000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1682] Query Public AI Services

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 20:59:00.096000+00:00	2026-05-12 15:12:00.621000+00:00

[T1012] Query Registry

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:20.660000+00:00	2026-05-12 15:12:00.714000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1542.004] Pre-OS Boot: ROMMONkit

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 18:38:49.551000+00:00	2026-05-12 15:12:00.706000+00:00

[T1600.001] Weaken Encryption: Reduce Key Space

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.005000+00:00	2026-05-12 15:12:00.627000+00:00

[T1620] Reflective Code Loading

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:32:18.632000+00:00	2026-05-12 15:12:00.630000+00:00

[T1547.001] Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:09.744000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1218.009] System Binary Proxy Execution: Regsvcs/Regasm

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:41:42.115000+00:00	2026-05-12 15:12:00.714000+00:00

[T1218.010] System Binary Proxy Execution: Regsvr32

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:41:58.327000+00:00	2026-05-12 15:12:00.709000+00:00

[T1070.010] Indicator Removal: Relocate Malware

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:29:55.911000+00:00	2026-05-12 15:12:00.717000+00:00

[T1219] Remote Access Tools

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:42.154000+00:00	2026-05-12 15:12:00.628000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1074.002] Data Staged: Remote Data Staging

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:38.453000+00:00	2026-05-12 15:12:00.626000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1021.001] Remote Services: Remote Desktop Protocol

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:33.524000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1219.002] Remote Access Tools: Remote Desktop Software

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 16:42:15.226000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1114.002] Email Collection: Remote Email Collection

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:15.355000+00:00	2026-05-12 15:12:00.708000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1018] Remote System Discovery

Current version: 3.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:31.319000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1036.003] Masquerading: Rename Legitimate Utilities

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:40:54.471000+00:00	2026-05-12 15:12:00.713000+00:00

[T1564.009] Hide Artifacts: Resource Forking

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:25:32.891000+00:00	2026-05-12 15:12:00.708000+00:00

[T1556.005] Modify Authentication Process: Reversible Encryption

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.082000+00:00	2026-05-12 15:12:00.718000+00:00

[T1578.004] Modify Cloud Compute Infrastructure: Revert Cloud Instance

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.953000+00:00	2026-05-12 15:12:00.620000+00:00

[T1036.002] Masquerading: Right-to-Left Override

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:41:03.753000+00:00	2026-05-12 15:12:00.643000+00:00

[T1207] Rogue Domain Controller

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.911000+00:00	2026-05-12 15:12:00.634000+00:00

[T1014] Rootkit

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:32:28.874000+00:00	2026-05-12 15:12:00.620000+00:00

[T1564.006] Hide Artifacts: Run Virtual Instance

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:26:04.116000+00:00	2026-05-12 15:12:00.709000+00:00

[T1218.011] System Binary Proxy Execution: Rundll32

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:42:03.135000+00:00	2026-05-12 15:12:00.620000+00:00

[T1134.005] Access Token Manipulation: SID-History Injection

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:55:14.114000+00:00	2026-05-12 15:12:00.709000+00:00

[T1553.003] Subvert Trust Controls: SIP and Trust Provider Hijacking

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.087000+00:00	2026-05-12 15:12:00.633000+00:00

[T1021.002] Remote Services: SMB/Windows Admin Shares

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:45.700000+00:00	2026-05-12 15:12:00.632000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1021.004] Remote Services: SSH

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:34.985000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1098.004] Account Manipulation: SSH Authorized Keys

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:55.005000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.017] Obfuscated Files or Information: SVG Smuggling

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:22:02.298000+00:00	2026-05-12 15:12:00.643000+00:00

[T1688] Safe Mode Boot

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:48:52.409000+00:00	2026-05-12 15:12:00.716000+00:00

[T1595.001] Active Scanning: Scanning IP Blocks

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:28.603000+00:00	2026-05-12 15:12:00.721000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1053.005] Scheduled Task/Job: Scheduled Task

Current version: 1.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:19.176000+00:00	2026-05-12 15:12:00.618000+00:00

[T1053] Scheduled Task/Job

Current version: 2.5

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-06 13:58:22.807000+00:00	2026-05-12 15:12:00.626000+00:00

[T1113] Screen Capture

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:19.886000+00:00	2026-05-12 15:12:00.619000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1593] Search Open Websites/Domains

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:10.188000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1003.002] OS Credential Dumping: Security Account Manager

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:26.545000+00:00	2026-05-12 15:12:00.621000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1518.001] Software Discovery: Security Software Discovery

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:23.401000+00:00	2026-05-12 15:12:00.716000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1679] Selective Exclusion

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:32:31.453000+00:00	2026-05-12 15:12:00.706000+00:00

[T1583.004] Acquire Infrastructure: Server

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:50.911000+00:00	2026-05-12 15:12:00.635000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1584.004] Compromise Infrastructure: Server

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:30.616000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1569.002] System Services: Service Execution

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:35.506000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1489] Service Stop

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:30.688000+00:00	2026-05-12 15:12:00.622000+00:00

[T1574.010] Hijack Execution Flow: Services File Permissions Weakness

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:02:37.539000+00:00	2026-05-12 15:12:00.706000+00:00

[T1574.011] Hijack Execution Flow: Services Registry Permissions Weakness

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 23:02:58.258000+00:00	2026-05-12 15:12:00.622000+00:00

[T1548.001] Abuse Elevation Control Mechanism: Setuid and Setgid

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:52:13.675000+00:00	2026-05-12 15:12:00.639000+00:00

[T1213.002] Data from Information Repositories: Sharepoint

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:22.832000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1684] Social Engineering

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 15:39:55.218000+00:00	2026-05-12 15:12:00.629000+00:00

[T1585.001] Establish Accounts: Social Media Accounts

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:14.364000+00:00	2026-05-12 15:12:00.708000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1205.002] Traffic Signaling: Socket Filters

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:45:22.463000+00:00	2026-05-12 15:12:00.619000+00:00

[T1592.002] Gather Victim Host Information: Software

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:17.631000+00:00	2026-05-12 15:12:00.710000+00:00

[T1072] Software Deployment Tools

Current version: 3.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:06.595000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1518] Software Discovery

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:31.671000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.002] Obfuscated Files or Information: Software Packing

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:15:31.610000+00:00	2026-05-12 15:12:00.722000+00:00

[T1036.006] Masquerading: Space after Filename

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:41:09.462000+00:00	2026-05-12 15:12:00.723000+00:00

[T1566.001] Phishing: Spearphishing Attachment

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:35.522000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1598.003] Phishing for Information: Spearphishing Link

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:34.880000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1566.002] Phishing: Spearphishing Link

Current version: 2.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:34.123000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1598.004] Phishing for Information: Spearphishing Voice

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 16:07:06.553000+00:00	2026-05-12 15:12:00.640000+00:00

[T1566.004] Phishing: Spearphishing Voice

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 16:04:48.737000+00:00	2026-05-12 15:12:00.711000+00:00

[T1132.001] Data Encoding: Standard Encoding

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:20.938000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1528] Steal Application Access Token

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:04.660000+00:00	2026-05-12 15:12:00.694000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1539] Steal Web Session Cookie

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:25.272000+00:00	2026-05-12 15:12:00.621000+00:00

[T1558] Steal or Forge Kerberos Tickets

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:41.885000+00:00	2026-05-12 15:12:00.628000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1027.003] Obfuscated Files or Information: Steganography

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:21:09.201000+00:00	2026-05-12 15:12:00.714000+00:00

[T1027.008] Obfuscated Files or Information: Stripped Payloads

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:21:58.918000+00:00	2026-05-12 15:12:00.624000+00:00

[T1553] Subvert Trust Controls

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.101000+00:00	2026-05-12 15:12:00.709000+00:00

[T1548.003] Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:52:35.310000+00:00	2026-05-12 15:12:00.621000+00:00

[T1573.001] Encrypted Channel: Symmetric Cryptography

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:32.429000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1216.002] System Script Proxy Execution: SyncAppvPublishingServer

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:42:56.654000+00:00	2026-05-12 15:12:00.723000+00:00

[T1218] System Binary Proxy Execution

Current version: 4.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:37:10.607000+00:00	2026-05-12 15:12:00.629000+00:00

[T1497.001] Virtualization/Sandbox Evasion: System Checks

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:51:53.404000+00:00	2026-05-12 15:12:00.623000+00:00

[T1542.001] Pre-OS Boot: System Firmware

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 18:38:49.546000+00:00	2026-05-12 15:12:00.621000+00:00

[T1082] System Information Discovery

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:38.277000+00:00	2026-05-12 15:12:00.625000+00:00

[T1614.001] System Location Discovery: System Language Discovery

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:20.039000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1614] System Location Discovery

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:22.536000+00:00	2026-05-12 15:12:00.716000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1016] System Network Configuration Discovery

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:56.618000+00:00	2026-05-12 15:12:00.641000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1049] System Network Connections Discovery

Current version: 2.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:01.094000+00:00	2026-05-12 15:12:00.652000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1033] System Owner/User Discovery

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:20.366000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1216] System Script Proxy Execution

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:42:22.297000+00:00	2026-05-12 15:12:00.724000+00:00

[T1007] System Service Discovery

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:36.812000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1529] System Shutdown/Reboot

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:40.145000+00:00	2026-05-12 15:12:00.726000+00:00

[T1124] System Time Discovery

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:36.399000+00:00	2026-05-12 15:12:00.724000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1543.002] Create or Modify System Process: Systemd Service

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:29.942000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1548.006] Abuse Elevation Control Mechanism: TCC Manipulation

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:52:55.058000+00:00	2026-05-12 15:12:00.723000+00:00

[T1542.005] Pre-OS Boot: TFTP Boot

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 18:38:49.555000+00:00	2026-05-12 15:12:00.623000+00:00

[T1221] Template Injection

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:44:24.229000+00:00	2026-05-12 15:12:00.722000+00:00

[T1548.005] Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:53:18.398000+00:00	2026-05-12 15:12:00.641000+00:00

[T1055.003] Process Injection: Thread Execution Hijacking

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:30:40.463000+00:00	2026-05-12 15:12:00.629000+00:00

[T1055.005] Process Injection: Thread Local Storage

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:30:51.339000+00:00	2026-05-12 15:12:00.723000+00:00

[T1497.003] Virtualization/Sandbox Evasion: Time Based Checks

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:52:39.442000+00:00	2026-05-12 15:12:00.630000+00:00

[T1070.006] Indicator Removal: Timestomp

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:30:57.770000+00:00	2026-05-12 15:12:00.630000+00:00

[T1134.001] Access Token Manipulation: Token Impersonation/Theft

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 19:54:20.663000+00:00	2026-05-12 15:12:00.686000+00:00

[T1588.002] Obtain Capabilities: Tool

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:10.900000+00:00	2026-05-12 15:12:00.706000+00:00

[T1205] Traffic Signaling

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:44:32.591000+00:00	2026-05-12 15:12:00.629000+00:00

[T1565.002] Data Manipulation: Transmitted Data Manipulation

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-11-13 19:21:05.133000+00:00	2026-05-12 15:12:00.717000+00:00

[T1484.002] Domain or Tenant Policy Modification: Trust Modification

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:52.987000+00:00	2026-05-12 15:12:00.623000+00:00

[T1127] Trusted Developer Utilities Proxy Execution

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:45:17.637000+00:00	2026-05-12 15:12:00.726000+00:00

[T1199] Trusted Relationship

Current version: 2.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-11-12 15:42:52.705000+00:00	2026-05-12 15:12:00.706000+00:00

[T1059.004] Command and Scripting Interpreter: Unix Shell

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:12.476000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1546.004] Event Triggered Execution: Unix Shell Configuration Modification

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:15.960000+00:00	2026-05-12 15:12:00.709000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1535] Unused/Unsupported Cloud Regions

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:48:40.705000+00:00	2026-05-12 15:12:00.635000+00:00

[T1608.001] Stage Capabilities: Upload Malware

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-01 19:06:26.976000+00:00	2026-05-12 15:12:00.628000+00:00

[T1608.002] Stage Capabilities: Upload Tool

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:46.160000+00:00	2026-05-12 15:12:00.632000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1550] Use Alternate Authentication Material

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:48:07.391000+00:00	2026-05-12 15:12:00.633000+00:00

[T1497.002] Virtualization/Sandbox Evasion: User Activity Based Checks

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:52:22.149000+00:00	2026-05-12 15:12:00.705000+00:00

[T1564.007] Hide Artifacts: VBA Stomping

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:26:09.220000+00:00	2026-05-12 15:12:00.716000+00:00

[T1055.014] Process Injection: VDSO Hijacking

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:30:51.756000+00:00	2026-05-12 15:12:00.706000+00:00

[T1078] Valid Accounts

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:49:37.148000+00:00	2026-05-12 15:12:00.707000+00:00

[T1218.012] System Binary Proxy Execution: Verclsid

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:42:21.088000+00:00	2026-05-12 15:12:00.666000+00:00

[T1125] Video Capture

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:56.077000+00:00	2026-05-12 15:12:00.641000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1673] Virtual Machine Discovery

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 21:24:32.155000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1584.003] Compromise Infrastructure: Virtual Private Server

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:40.055000+00:00	2026-05-12 15:12:00.627000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1583.003] Acquire Infrastructure: Virtual Private Server

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:59.607000+00:00	2026-05-12 15:12:00.643000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1497] Virtualization/Sandbox Evasion

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:52:12.932000+00:00	2026-05-12 15:12:00.672000+00:00

[T1059.005] Command and Scripting Interpreter: Visual Basic

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:29.678000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1595.002] Active Scanning: Vulnerability Scanning

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:48.647000+00:00	2026-05-12 15:12:00.633000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1600] Weaken Encryption

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 20:07:53.046000+00:00	2026-05-12 15:12:00.622000+00:00

[T1056.003] Input Capture: Web Portal Capture

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:54.254000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1071.001] Application Layer Protocol: Web Protocols

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:29.591000+00:00	2026-05-12 15:12:00.722000+00:00

[T1102] Web Service

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:02.831000+00:00	2026-05-12 15:12:00.672000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1583.006] Acquire Infrastructure: Web Services

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:04.554000+00:00	2026-05-12 15:12:00.694000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1550.004] Use Alternate Authentication Material: Web Session Cookie

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:48:02.590000+00:00	2026-05-12 15:12:00.714000+00:00

[T1505.003] Server Software Component: Web Shell

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:50.387000+00:00	2026-05-12 15:12:00.635000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1059.003] Command and Scripting Interpreter: Windows Command Shell

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:25.722000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1686.003] Disable or Modify System Firewall: Windows Host Firewall

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:39:19.227000+00:00	2026-05-12 15:12:00.623000+00:00

[T1047] Windows Management Instrumentation

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:19.670000+00:00	2026-05-12 15:12:00.619000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1222.001] File and Directory Permissions Modification: Windows Permissions

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:51:17.272000+00:00	2026-05-12 15:12:00.625000+00:00

[T1543.003] Create or Modify System Process: Windows Service

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:48:07.774000+00:00	2026-05-12 15:12:00.623000+00:00

[T1683.001] Generate Content: Written Content

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 15:34:25.836000+00:00	2026-05-12 15:12:00.640000+00:00

[T1220] XSL Script Processing

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 22:53:58.559000+00:00	2026-05-12 15:12:00.723000+00:00

mobile-attack

Patches

[T1453] Abuse Accessibility Features

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-27 17:12:01.143000+00:00	2026-05-12 15:12:00.622000+00:00

[T1517] Access Notifications

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:40.140000+00:00	2026-05-12 15:12:00.627000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1636.005] Protected User Data: Accounts

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-09-17 15:21:58.225000+00:00	2026-05-12 15:12:00.624000+00:00

[T1429] Audio Capture

Current version: 3.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:52.833000+00:00	2026-05-12 15:12:00.637000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1481.002] Web Service: Bidirectional Communication

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:06.929000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1624.001] Event Triggered Execution: Broadcast Receivers

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:39.155000+00:00	2026-05-12 15:12:00.626000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1616] Call Control

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:38.183000+00:00	2026-05-12 15:12:00.625000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1636.002] Protected User Data: Call Log

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:29.311000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1636.003] Protected User Data: Contact List

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:30.430000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1662] Data Destruction

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2023-09-27 21:09:27.288000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1533] Data from Local System

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:30.706000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1626.001] Abuse Elevation Control Mechanism: Device Administrator Permissions

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:08.587000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1407] Download New Code at Runtime

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:55.445000+00:00	2026-05-12 15:12:00.640000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1627] Execution Guardrails

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:44.210000+00:00	2026-05-12 15:12:00.630000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1646] Exfiltration Over C2 Channel

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:36.720000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1639.001] Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:38.977000+00:00	2026-05-12 15:12:00.626000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1630.002] Indicator Removal on Host: File Deletion

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:12.849000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1420] File and Directory Discovery

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:24.899000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1541] Foreground Persistence

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:52.197000+00:00	2026-05-12 15:12:00.636000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1417.002] Input Capture: GUI Input Capture

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:45.045000+00:00	2026-05-12 15:12:00.630000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1544] Ingress Tool Transfer

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:34.355000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1516] Input Injection

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:25.635000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1417.001] Input Capture: Keylogging

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:14.276000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1430] Location Tracking

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:08.214000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1461] Lockscreen Bypass

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:29.764000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1655] Masquerading

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:38.098000+00:00	2026-05-12 15:12:00.725000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1655.001] Masquerading: Match Legitimate Name or Location

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:21:44.590000+00:00	2026-05-12 15:12:00.621000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1575] Native API

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:47.482000+00:00	2026-05-12 15:12:00.633000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1406] Obfuscated Files or Information

Current version: 3.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:25.462000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1660] Phishing

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 17:38:10.545000+00:00	2026-05-12 15:12:00.722000+00:00

[T1629.001] Impair Defenses: Prevent Application Removal

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:28.687000+00:00	2026-05-12 15:12:00.721000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1582] SMS Control

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:15.008000+00:00	2026-05-12 15:12:00.708000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1636.004] Protected User Data: SMS Messages

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:22.003000+00:00	2026-05-12 15:12:00.715000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1513] Screen Capture

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:57.610000+00:00	2026-05-12 15:12:00.642000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1418] Software Discovery

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:27.789000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1406.002] Obfuscated Files or Information: Software Packing

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:46.514000+00:00	2026-05-12 15:12:00.632000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1409] Stored Application Data

Current version: 3.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:56.509000+00:00	2026-05-12 15:12:00.641000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1426] System Information Discovery

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:31.141000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1422] System Network Configuration Discovery

Current version: 2.4

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:26.973000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1630.001] Indicator Removal on Host: Uninstall Malicious Application

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:23.278000+00:00	2026-05-12 15:12:00.620000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1628.002] Hide Artifacts: User Evasion

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:32.337000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1512] Video Capture

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:28.248000+00:00	2026-05-12 15:12:00.721000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1437.001] Application Layer Protocol: Web Protocols

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:48:31.318000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1422.002] System Network Configuration Discovery: Wi-Fi Discovery

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2024-02-21 20:44:44.404000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

ics-attack

Patches

[T0800] Activate Firmware Update Mode

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 15:16:44.679000+00:00	2026-05-12 15:12:00.622000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1695] Block Communications

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:52:53.490000+00:00	2026-05-12 15:12:00.726000+00:00

[T1691] Block Operational Technology Message

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:49:15.673000+00:00	2026-05-12 15:12:00.624000+00:00

[T0846.002] Remote System Discovery: Broadcast Discovery

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:43:10.464000+00:00	2026-05-12 15:12:00.714000+00:00

[T0892] Change Credential

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:20.690000+00:00	2026-05-12 15:12:00.726000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0858] Change Operating Mode

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:11.583000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1691.001] Block Operational Technology Message: Command Message

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:50:42.389000+00:00	2026-05-12 15:12:00.621000+00:00

[T1692.001] Unauthorized Message: Command Message

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:59:19.225000+00:00	2026-05-12 15:12:00.629000+00:00

[T0807] Command-Line Interface

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:11.069000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0885] Commonly Used Port

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:19.961000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0809] Data Destruction

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:14.108000+00:00	2026-05-12 15:12:00.630000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1694.001] Insecure Credentials: Default Credentials

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:30:36.158000+00:00	2026-05-12 15:12:00.634000+00:00

[T0816] Device Restart/Shutdown

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:11.395000+00:00	2026-05-12 15:12:00.623000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0843.001] Program Download: Download All

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:01:28.898000+00:00	2026-05-12 15:12:00.642000+00:00

[T1695.002] Block Communications: Ethernet

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:57:13.444000+00:00	2026-05-12 15:12:00.635000+00:00

[T0822] External Remote Services

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:16.385000+00:00	2026-05-12 15:12:00.705000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0823] Graphical User Interface

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:17.144000+00:00	2026-05-12 15:12:00.707000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1694.002] Insecure Credentials: Hardcoded Credentials

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:32:38.851000+00:00	2026-05-12 15:12:00.640000+00:00

[T1694] Insecure Credentials

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:29:41.601000+00:00	2026-05-12 15:12:00.628000+00:00

[T0827] Loss of Control

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:58:56.356000+00:00	2026-05-12 15:12:00.706000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0829] Loss of View

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:58:08.228000+00:00	2026-05-12 15:12:00.621000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0838] Modify Alarm Settings

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:19.764000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1693] Modify Firmware

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:06:21.253000+00:00	2026-05-12 15:12:00.643000+00:00

[T1693.002] Modify Firmware: Module Firmware

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:15:57.683000+00:00	2026-05-12 15:12:00.642000+00:00

[T0846.003] Remote System Discovery: Multicast Discovery

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:45:38.166000+00:00	2026-05-12 15:12:00.636000+00:00

[T0840] Network Connection Enumeration

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:59:18.381000+00:00	2026-05-12 15:12:00.723000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0843.002] Program Download: Online Edit

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 17:40:18.368000+00:00	2026-05-12 15:12:00.721000+00:00

[T0846.001] Remote System Discovery: Port Scan

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:41:07.822000+00:00	2026-05-12 15:12:00.635000+00:00

[T0843.003] Program Download: Program Append

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:18:49.737000+00:00	2026-05-12 15:12:00.634000+00:00

[T0843] Program Download

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:18.212000+00:00	2026-05-12 15:12:00.713000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0873] Project File Infection

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:35:14.939000+00:00	2026-05-12 15:12:00.723000+00:00

[T0886] Remote Services

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:19.525000+00:00	2026-05-12 15:12:00.722000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T0846] Remote System Discovery

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:39:03.420000+00:00	2026-05-12 15:12:00.718000+00:00

[T0888] Remote System Information Discovery

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:12.694000+00:00	2026-05-12 15:12:00.624000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1691.002] Block Operational Technology Message: Reporting Message

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:52:34.062000+00:00	2026-05-12 15:12:00.643000+00:00

[T1692.002] Unauthorized Message: Reporting Message

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:01:42.644000+00:00	2026-05-12 15:12:00.633000+00:00

[T0852] Screen Capture

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:21.744000+00:00	2026-05-12 15:12:00.715000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1695.001] Block Communications: Serial COM

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:59:10.079000+00:00	2026-05-12 15:12:00.634000+00:00

[T0873.001] Project File Infection: Siemens Project File Format

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:37:43.545000+00:00	2026-05-12 15:12:00.625000+00:00

[T1693.001] Modify Firmware: System Firmware

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:10:31.871000+00:00	2026-05-12 15:12:00.639000+00:00

[T0882] Theft of Operational Information

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 17:49:16.405000+00:00	2026-05-12 15:12:00.709000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1692] Unauthorized Message

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:54:29.294000+00:00	2026-05-12 15:12:00.722000+00:00

[T0859] Valid Accounts

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:59:08.866000+00:00	2026-05-12 15:12:00.717000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[T1695.003] Block Communications: Wi-Fi

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 19:59:42.404000+00:00	2026-05-12 15:12:00.641000+00:00

Software

enterprise-attack

Minor Version Changes

[S9039] LazyWiper

Current version: 1.1

Version changed from: 1.0 → 1.1

	Old Description			New Description
t	1	[LazyWiper](https://attack.mitre.org/software/S9039) is a de	t	1	[LazyWiper](https://attack.mitre.org/software/S9039) is a de
	>	structive malware observed targeting a manufacturing sector		>	structive malware observed targeting a manufacturing sector
	>	company during the [2025 Poland Wiper Attacks](https://attac		>	company during the [2025 Poland Wiper Attacks](https://attac
	>	k.mitre.org/campaigns/C0063). [LazyWiper](https://attack.mit		>	k.mitre.org/campaigns/C0063). [LazyWiper](https://attack.mit
	>	re.org/software/S9039) is a native Windows PowerShell script		>	re.org/software/S9039) is a native Windows PowerShell script
	>	that is believed to have been generated by a large language		>	that is believed to have been generated by a large language
	>	model (LLM). [LazyWiper](https://attack.mitre.org/software/		>	model (LLM). [LazyWiper](https://attack.mitre.org/software/
	>	S9039) overwrites files on the system using the C# function		>	S9039) overwrites files on the system using the C# function
	>	`WriteRandomBytes()` and can targets multiple specific file		>	`WriteRandomBytes()` and can target multiple specific file t
	>	types by their extensions.(Citation: CERT Polska)		>	ypes by their extensions.(Citation: CERT Polska)

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 15:08:43.762000+00:00	2026-05-12 15:12:00.739000+00:00
description	[LazyWiper](https://attack.mitre.org/software/S9039) is a destructive malware observed targeting a manufacturing sector company during the [2025 Poland Wiper Attacks](https://attack.mitre.org/campaigns/C0063). [LazyWiper](https://attack.mitre.org/software/S9039) is a native Windows PowerShell script that is believed to have been generated by a large language model (LLM). [LazyWiper](https://attack.mitre.org/software/S9039) overwrites files on the system using the C# function `WriteRandomBytes()` and can targets multiple specific file types by their extensions.(Citation: CERT Polska)	[LazyWiper](https://attack.mitre.org/software/S9039) is a destructive malware observed targeting a manufacturing sector company during the [2025 Poland Wiper Attacks](https://attack.mitre.org/campaigns/C0063). [LazyWiper](https://attack.mitre.org/software/S9039) is a native Windows PowerShell script that is believed to have been generated by a large language model (LLM). [LazyWiper](https://attack.mitre.org/software/S9039) overwrites files on the system using the C# function `WriteRandomBytes()` and can target multiple specific file types by their extensions.(Citation: CERT Polska)
x_mitre_version	1.0	1.1

Patches

[S1025] Amadey

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2024-05-07 19:11:33.669000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0099] Arp

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 20:59:19.130000+00:00	2026-05-12 15:12:00.740000+00:00

[S9031] AshTag

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 14:04:58.202000+00:00	2026-05-12 15:12:00.739000+00:00

[S1087] AsyncRAT

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2023-10-10 17:19:12.868000+00:00	2026-05-12 15:12:00.740000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0245] BADCALL

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:44:12.926000+00:00	2026-05-12 15:12:00.739000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0190] BITSAdmin

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:09:31.571000+00:00	2026-05-12 15:12:00.740000+00:00

[S1161] BPFDoor

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-01-03 18:03:04.670000+00:00	2026-05-12 15:12:00.737000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0414] BabyShark

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2024-05-06 20:38:32.432000+00:00	2026-05-12 15:12:00.739000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S1181] BlackByte 2.0 Ransomware

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-03-09 16:01:39.889000+00:00	2026-05-12 15:12:00.733000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S9016] Caminho

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 17:54:24.028000+00:00	2026-05-12 15:12:00.739000+00:00

[S0687] Cyclops Blink

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-15 19:46:35.048000+00:00	2026-05-12 15:12:00.739000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S9017] DCRAT

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 18:27:09.265000+00:00	2026-05-12 15:12:00.740000+00:00

[S0334] DarkComet

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:43:20.605000+00:00	2026-05-12 15:12:00.733000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S1111] DarkGate

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-10-21 03:02:05.582000+00:00	2026-05-12 15:12:00.735000+00:00

[S1144] FRP

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-19 16:36:54.302000+00:00	2026-05-12 15:12:00.740000+00:00

[S0132] H1N1

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:45:07.358000+00:00	2026-05-12 15:12:00.740000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0246] HARDRAIN

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:44:34.161000+00:00	2026-05-12 15:12:00.739000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S1229] Havoc

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 12:17:28.794000+00:00	2026-05-12 15:12:00.733000+00:00

[S9023] HiddenFace

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 02:31:26.041000+00:00	2026-05-12 15:12:00.739000+00:00

[S0357] Impacket

Current version: 1.8

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-04 17:16:12.597000+00:00	2026-05-12 15:12:00.740000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0604] Industroyer

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 14:11:53.057000+00:00	2026-05-12 15:12:00.739000+00:00

[S9029] IronWind

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 00:32:35.569000+00:00	2026-05-12 15:12:00.732000+00:00

[S9035] LAMEHUG

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 23:56:18.785000+00:00	2026-05-12 15:12:00.739000+00:00

[S9020] LODEINFO

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 02:29:49.185000+00:00	2026-05-12 15:12:00.735000+00:00

[S0372] LockerGoga

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 22:21:12.036000+00:00	2026-05-12 15:12:00.733000+00:00

[S0500] MCMD

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:07:56.328000+00:00	2026-05-12 15:12:00.740000+00:00

[S0002] Mimikatz

Current version: 1.11

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-19 18:13:24.015000+00:00	2026-05-12 15:12:00.740000+00:00

[S9025] NOOPLDR

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 23:22:17.808000+00:00	2026-05-12 15:12:00.734000+00:00

[S0039] Net

Current version: 2.8

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:16:53.721000+00:00	2026-05-12 15:12:00.740000+00:00

[S0359] Nltest

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 13:17:52.139000+00:00	2026-05-12 15:12:00.740000+00:00

[S9014] PHASEJAM

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 02:56:02.086000+00:00	2026-05-12 15:12:00.739000+00:00

[S9028] PHPsert

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 23:57:49.687000+00:00	2026-05-12 15:12:00.739000+00:00

[S1228] PUBLOAD

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 13:51:05.286000+00:00	2026-05-12 15:12:00.733000+00:00

[S0097] Ping

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:17:47.775000+00:00	2026-05-12 15:12:00.740000+00:00

[S0013] PlugX

Current version: 3.3

Details

values_changed
STIX Field	Old value	New Value
modified	2025-11-20 22:48:45.121000+00:00	2026-05-12 15:12:00.734000+00:00

[S0029] PsExec

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2024-09-25 20:31:21.768000+00:00	2026-05-12 15:12:00.741000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0262] QuasarRAT

Current version: 2.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 19:56:22.409000+00:00	2026-05-12 15:12:00.741000+00:00

[S9026] ROAMINGHOUSE

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 20:58:39.745000+00:00	2026-05-12 15:12:00.733000+00:00

[S1040] Rclone

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 13:39:30.460000+00:00	2026-05-12 15:12:00.740000+00:00

[S0125] Remsec

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2025-06-06 14:56:00.296000+00:00	2026-05-12 15:12:00.735000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S1071] Rubeus

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-19 16:35:49.683000+00:00	2026-05-12 15:12:00.741000+00:00

[S9037] RustyWater

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 02:45:33.450000+00:00	2026-05-12 15:12:00.733000+00:00

[S9030] SameCoin

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 00:47:27.191000+00:00	2026-05-12 15:12:00.733000+00:00

[S1178] ShrinkLocker

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-26 20:55:58.133000+00:00	2026-05-12 15:12:00.733000+00:00

[S1239] TONESHELL

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 13:49:07.222000+00:00	2026-05-12 15:12:00.733000+00:00

[S0263] TYPEFRAME

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2024-04-10 22:26:03.638000+00:00	2026-05-12 15:12:00.735000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0057] Tasklist

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:20:48.948000+00:00	2026-05-12 15:12:00.740000+00:00

[S0183] Tor

Current version: 1.5

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 21:19:41.095000+00:00	2026-05-12 15:12:00.741000+00:00

[S9034] Tsundere Botnet

Current version: 1.0

	Old Description			New Description
t	1	[Tsundere Botnet](https://attack.mitre.org/software/S9034) i	t	1	[Tsundere Botnet](https://attack.mitre.org/software/S9034) i
	>	s a botnet first reported in mid-2025 that is delivered via		>	s a botnet first reported in mid-2025 that is delivered via
	>	MSI installer or PowerShell script. It leverages Node.js and		>	MSI installer or a PowerShell script. It leverages Node.js a
	>	JavaScript for payload delivery and execution, and uses sma		>	nd JavaScript for payload delivery and execution, and uses s
	>	rt contracts on the blockchain to host command and control (		>	mart contracts on the blockchain to host command and control
	>	C2) addresses. [Tsundere Botnet](https://attack.mitre.org/so		>	(C2) addresses. [Tsundere Botnet](https://attack.mitre.org/
	>	ftware/S9034) is attributed to a likely Russian-speaking thr		>	software/S9034) is attributed to a likely Russian-speaking t
	>	eat actor. A variant named DinDoor has been linked to [Mudd		>	hreat actor. A variant named DinDoor has been linked to [Mu
	>	yWater](https://attack.mitre.org/groups/G0069) operations an		>	ddyWater](https://attack.mitre.org/groups/G0069) operations
	>	d uses the Deno runtime for execution rather than Node.js. (		>	and uses the Deno runtime for execution rather than Node.js.
	>	Citation: Checkpoint_MOISCyberCrime_Mar2026)(Citation: SOCRa		>	(Citation: Checkpoint_MOISCyberCrime_Mar2026)(Citation: SOCR
	>	dar_MuddyWaterDindoor_Mar2026)(Citation: CAL_MuddyWater_Mar2		>	adar_MuddyWaterDindoor_Mar2026)(Citation: CAL_MuddyWater_Mar
	>	026)(Citation: SecureListUbiedo_Tsundere_Nov2025)		>	2026)(Citation: SecureListUbiedo_Tsundere_Nov2025)

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 02:54:33.159000+00:00	2026-05-12 15:12:00.733000+00:00
description	[Tsundere Botnet](https://attack.mitre.org/software/S9034) is a botnet first reported in mid-2025 that is delivered via MSI installer or PowerShell script. It leverages Node.js and JavaScript for payload delivery and execution, and uses smart contracts on the blockchain to host command and control (C2) addresses. [Tsundere Botnet](https://attack.mitre.org/software/S9034) is attributed to a likely Russian-speaking threat actor. A variant named DinDoor has been linked to [MuddyWater](https://attack.mitre.org/groups/G0069) operations and uses the Deno runtime for execution rather than Node.js. (Citation: Checkpoint_MOISCyberCrime_Mar2026)(Citation: SOCRadar_MuddyWaterDindoor_Mar2026)(Citation: CAL_MuddyWater_Mar2026)(Citation: SecureListUbiedo_Tsundere_Nov2025)	[Tsundere Botnet](https://attack.mitre.org/software/S9034) is a botnet first reported in mid-2025 that is delivered via MSI installer or a PowerShell script. It leverages Node.js and JavaScript for payload delivery and execution, and uses smart contracts on the blockchain to host command and control (C2) addresses. [Tsundere Botnet](https://attack.mitre.org/software/S9034) is attributed to a likely Russian-speaking threat actor. A variant named DinDoor has been linked to [MuddyWater](https://attack.mitre.org/groups/G0069) operations and uses the Deno runtime for execution rather than Node.js.(Citation: Checkpoint_MOISCyberCrime_Mar2026)(Citation: SOCRadar_MuddyWaterDindoor_Mar2026)(Citation: CAL_MuddyWater_Mar2026)(Citation: SecureListUbiedo_Tsundere_Nov2025)

[S0275] UPPERCUT

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 21:04:29.621000+00:00	2026-05-12 15:12:00.740000+00:00

[S0645] Wevtutil

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:19:59.238000+00:00	2026-05-12 15:12:00.741000+00:00

[S0160] certutil

Current version: 1.6

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 21:03:22.466000+00:00	2026-05-12 15:12:00.740000+00:00

[S0032] gh0st RAT

Current version: 3.3

Details

values_changed
STIX Field	Old value	New Value
modified	2024-05-07 19:07:45.403000+00:00	2026-05-12 15:12:00.737000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0100] ipconfig

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-17 14:12:13.437000+00:00	2026-05-12 15:12:00.740000+00:00

[S0102] nbtstat

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:45:26.343000+00:00	2026-05-12 15:12:00.740000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0104] netstat

Current version: 1.4

Details

values_changed
STIX Field	Old value	New Value
modified	2024-11-27 21:54:49.561000+00:00	2026-05-12 15:12:00.740000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[S0385] njRAT

Current version: 1.7

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 15:13:03.813000+00:00	2026-05-12 15:12:00.739000+00:00

[S0225] sqlmap

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-19 18:21:12.122000+00:00	2026-05-12 15:12:00.740000+00:00

mobile-attack

Patches

[S9030] SameCoin

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 00:47:27.191000+00:00	2026-05-12 15:12:00.733000+00:00

[S9006] VajraSpy

Current version: 1.0

	Old Description			New Description
t	1	[VajraSpy](https://attack.mitre.org/software/S9006) is Andro	t	1	[VajraSpy](https://attack.mitre.org/software/S9006) is Andro
	>	id malware distributed via trojanized messaging and news app		>	id malware distributed via trojanized messaging and news app
	>	lications. It has been used to target individuals in Pakista		>	lications. It has been used to target individuals in Pakista
	>	n and India since at least 2021 and has been delivered throu		>	n and India since at least 2021 and has been delivered throu
	>	gh the Google Play Store, malicious domains, and other uncon		>	gh the Google Play Store, malicious domains, and other uncon
	>	trolled distribution channels. [VajraSpy](https://attack.mit		>	trolled distribution channels. [VajraSpy](https://attack.mit
	>	re.org/software/S9006) is attributed with high confidence to		>	re.org/software/S9006) is attributed with high confidence to
	>	[Patchwork](https://attack.mitre.org/groups/G0040) which ha		>	[Patchwork](https://attack.mitre.org/groups/G0040) which ha
	>	s used the malware to conduct targeted espionage, primarily		>	s used the malware to conduct targeted espionage, primarily
	>	against devices in Pakistan. (Citation: ESET_VajraSpy_Feb202		>	against devices in Pakistan.(Citation: ESET_VajraSpy_Feb2024
	>	4)(Citation: ArcticWolf_DroppingElephant_July2025)(Citation:		>	)(Citation: ArcticWolf_DroppingElephant_July2025)(Citation:
	>	K7Dhanalakshmi_VajraSpy_April2022)		>	K7Dhanalakshmi_VajraSpy_April2022)

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 01:32:27.375000+00:00	2026-05-12 15:12:00.736000+00:00
description	[VajraSpy](https://attack.mitre.org/software/S9006) is Android malware distributed via trojanized messaging and news applications. It has been used to target individuals in Pakistan and India since at least 2021 and has been delivered through the Google Play Store, malicious domains, and other uncontrolled distribution channels. [VajraSpy](https://attack.mitre.org/software/S9006) is attributed with high confidence to [Patchwork](https://attack.mitre.org/groups/G0040) which has used the malware to conduct targeted espionage, primarily against devices in Pakistan. (Citation: ESET_VajraSpy_Feb2024)(Citation: ArcticWolf_DroppingElephant_July2025)(Citation: K7Dhanalakshmi_VajraSpy_April2022)	[VajraSpy](https://attack.mitre.org/software/S9006) is Android malware distributed via trojanized messaging and news applications. It has been used to target individuals in Pakistan and India since at least 2021 and has been delivered through the Google Play Store, malicious domains, and other uncontrolled distribution channels. [VajraSpy](https://attack.mitre.org/software/S9006) is attributed with high confidence to [Patchwork](https://attack.mitre.org/groups/G0040) which has used the malware to conduct targeted espionage, primarily against devices in Pakistan.(Citation: ESET_VajraSpy_Feb2024)(Citation: ArcticWolf_DroppingElephant_July2025)(Citation: K7Dhanalakshmi_VajraSpy_April2022)

ics-attack

Patches

[S1045] INCONTROLLER

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 14:06:34.251000+00:00	2026-05-12 15:12:00.739000+00:00

[S0604] Industroyer

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 14:11:53.057000+00:00	2026-05-12 15:12:00.739000+00:00

[S0372] LockerGoga

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 22:21:12.036000+00:00	2026-05-12 15:12:00.733000+00:00

[S1006] PLC-Blaster

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 14:17:13.861000+00:00	2026-05-12 15:12:00.733000+00:00

[S1009] Triton

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 20:06:22.741000+00:00	2026-05-12 15:12:00.736000+00:00

Groups

enterprise-attack

Minor Version Changes

[G0040] Patchwork

Current version: 1.7

Version changed from: 1.6 → 1.7

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-21 23:13:16.458000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_version	1.6	1.7

Patches

[G0007] APT28

Current version: 5.3

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-21 13:20:49.866000+00:00	2026-05-12 15:12:00.732000+00:00

[G1044] APT42

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-03-08 18:42:45.320000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G1052] Contagious Interview

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 02:54:55.039000+00:00	2026-05-12 15:12:00.732000+00:00

[G0046] FIN7

Current version: 4.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 03:18:58.136000+00:00	2026-05-12 15:12:00.732000+00:00

[G0117] Fox Kitten

Current version: 2.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-01-08 22:00:34.410000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G0047] Gamaredon Group

Current version: 3.3

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-19 00:11:03.898000+00:00	2026-05-12 15:12:00.731000+00:00

[G0078] Gorgon Group

Current version: 1.5

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:49:11.522000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G1001] HEXANE

Current version: 2.3

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-08-14 15:24:19.141000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G0032] Lazarus Group

Current version: 5.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 01:29:21.748000+00:00	2026-05-12 15:12:00.732000+00:00

[G0140] LazyScripter

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-11-17 14:12:07.294000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G0059] Magic Hound

Current version: 6.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-11-17 16:17:26.385000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G1009] Moses Staff

Current version: 2.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-04-11 00:39:25.190000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G0069] MuddyWater

Current version: 7.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 03:26:57.416000+00:00	2026-05-12 15:12:00.731000+00:00

[G0129] Mustang Panda

Current version: 3.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-19 00:11:03.898000+00:00	2026-05-12 15:12:00.732000+00:00

[G0049] OilRig

Current version: 5.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-01-16 18:55:49.463000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G1033] Star Blizzard

Current version: 2.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-22 22:12:56.172000+00:00	2026-05-12 15:12:00.732000+00:00

[G1055] VOID MANTICORE

Current version: 1.0

	Old Description			New Description
t	1	[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a	t	1	[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a
	>	threat group assessed to operate on behalf of Iran’s Minist		>	threat group assessed to operate on behalf of Iran’s Minist
	>	ry of Intelligence and Security (MOIS).(Citation: Check Poin		>	ry of Intelligence and Security (MOIS).(Citation: Check Poin
	>	t VOID MANTICORE Handala Hack March 2026) Active since at le		>	t VOID MANTICORE Handala Hack March 2026) Active since at le
	>	ast mid-2022, VOID MANTICORE has targeted government entitie		>	ast mid-2022, VOID MANTICORE has targeted government entitie
	>	s, critical infrastructure, and private sector organizations		>	s, critical infrastructure, and private sector organizations
	>	across Albania, Israel, and the United States.(Citation: Ch		>	across Albania, Israel, and the United States.(Citation: Ch
	>	eck Point VOID MANTICORE Handala Hack March 2026)(Citation:		>	eck Point VOID MANTICORE Handala Hack March 2026)(Citation:
	>	Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOI		>	Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOI
	>	D MANTICORE](https://attack.mitre.org/groups/G1055) conducts		>	D MANTICORE](https://attack.mitre.org/groups/G1055) conducts
	>	destructive cyber operations, combining wiper attacks with		>	destructive cyber operations, combining wiper attacks with
	>	hack-and-leak campaigns. The group has operated under multip		>	hack-and-leak campaigns. The group has operated under multip
	>	le public-facing personas, including (LinkByld: C0038) in op		>	le public-facing personas, including [HomeLand Justice](http
	>	erations against Albania, Karma and Karma Below in campaigns		>	s://attack.mitre.org/campaigns/C0038) in operations against
	>	targeting Israeli organizations, and Handala Hack, its curr		>	Albania, Karma and Karma Below in campaigns targeting Israel
	>	ent primary persona, which has claimed activity against Isra		>	i organizations, and Handala Hack, its current primary perso
	>	eli and U.S. entities, including a March 2026 attack against		>	na, which has claimed activity against Israeli and U.S. enti
	>	Stryker Corporation.(Citation: Check Point VOID MANTICORE H		>	ties, including a March 2026 attack against Stryker Corporat
	>	andala Hack March 2026)(Citation: DOJ FBI Handala Hack March		>	ion.(Citation: Check Point VOID MANTICORE Handala Hack March
	>	2026) [VOID MANTICORE](https://attack.mitre.org/groups/G10		>	2026)(Citation: DOJ FBI Handala Hack March 2026) [VOID MAN
	>	55) has been observed collaborating with Scarred Manticore,		>	TICORE](https://attack.mitre.org/groups/G1055) has been obse
	>	which has been linked to initial access operations preceding		>	rved collaborating with Scarred Manticore, which has been li
	>	VOID MANTICORE’s activity.(Citation: Domain Tools Handala H		>	nked to initial access operations preceding VOID MANTICORE’s
	>	ack Karma Homeland Justice MOIS April 2026)		>	activity.(Citation: Domain Tools Handala Hack Karma Homelan
				>	d Justice MOIS April 2026)

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 01:46:56.261000+00:00	2026-05-12 16:30:18.375000+00:00
description	[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active since at least mid-2022, VOID MANTICORE has targeted government entities, critical infrastructure, and private sector organizations across Albania, Israel, and the United States.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) conducts destructive cyber operations, combining wiper attacks with hack-and-leak campaigns. The group has operated under multiple public-facing personas, including (LinkByld: C0038) in operations against Albania, Karma and Karma Below in campaigns targeting Israeli organizations, and Handala Hack, its current primary persona, which has claimed activity against Israeli and U.S. entities, including a March 2026 attack against Stryker Corporation.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: DOJ FBI Handala Hack March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) has been observed collaborating with Scarred Manticore, which has been linked to initial access operations preceding VOID MANTICORE’s activity.(Citation: Domain Tools Handala Hack Karma Homeland Justice MOIS April 2026)	[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active since at least mid-2022, VOID MANTICORE has targeted government entities, critical infrastructure, and private sector organizations across Albania, Israel, and the United States.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) conducts destructive cyber operations, combining wiper attacks with hack-and-leak campaigns. The group has operated under multiple public-facing personas, including [HomeLand Justice](https://attack.mitre.org/campaigns/C0038) in operations against Albania, Karma and Karma Below in campaigns targeting Israeli organizations, and Handala Hack, its current primary persona, which has claimed activity against Israeli and U.S. entities, including a March 2026 attack against Stryker Corporation.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: DOJ FBI Handala Hack March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) has been observed collaborating with Scarred Manticore, which has been linked to initial access operations preceding VOID MANTICORE’s activity.(Citation: Domain Tools Handala Hack Karma Homeland Justice MOIS April 2026)

[G0102] Wizard Spider

Current version: 4.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-01-20 16:26:04.859000+00:00	2026-05-12 15:12:00.732000+00:00

[G0045] menuPass

Current version: 3.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-11-17 23:19:12.450000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

mobile-attack

Minor Version Changes

[G0040] Patchwork

Current version: 1.7

Version changed from: 1.6 → 1.7

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-21 23:13:16.458000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_version	1.6	1.7

Patches

[G0007] APT28

Current version: 5.3

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-21 13:20:49.866000+00:00	2026-05-12 15:12:00.732000+00:00

[G0069] MuddyWater

Current version: 7.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 03:26:57.416000+00:00	2026-05-12 15:12:00.731000+00:00

[G1033] Star Blizzard

Current version: 2.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-22 22:12:56.172000+00:00	2026-05-12 15:12:00.732000+00:00

ics-attack

Patches

[G0046] FIN7

Current version: 4.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 03:18:58.136000+00:00	2026-05-12 15:12:00.732000+00:00

[G1001] HEXANE

Current version: 2.3

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-08-14 15:24:19.141000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G0032] Lazarus Group

Current version: 5.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 01:29:21.748000+00:00	2026-05-12 15:12:00.732000+00:00

[G0049] OilRig

Current version: 5.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-01-16 18:55:49.463000+00:00	2026-05-12 15:12:00.732000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[G0102] Wizard Spider

Current version: 4.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-01-20 16:26:04.859000+00:00	2026-05-12 15:12:00.732000+00:00

Campaigns

enterprise-attack

Patches

[C0063] 2025 Poland Wiper Attacks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack', 'ics-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 23:21:30.984000+00:00	2026-05-12 15:12:00.730000+00:00

[C0051] APT28 Nearest Neighbor Campaign

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack', 'mobile-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-03-10 19:48:56.912000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[C0060] Operation AkaiRyū

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 02:25:15.505000+00:00	2026-05-12 15:12:00.730000+00:00

[C0005] Operation Spalax

Current version: 1.1

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2024-04-11 00:29:32.199000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[C0014] Operation Wocao

Current version: 1.2

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-21 03:04:25.546000+00:00	2026-05-12 15:12:00.730000+00:00

[C0056] RedPenguin

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2025-10-24 03:46:34.675000+00:00	2026-05-12 15:12:00.729000+00:00

[C0030] Triton Safety Instrumented System Attack

Current version: 1.1

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['ics-attack', 'enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:24:57.457000+00:00	2026-05-12 15:12:00.729000+00:00

[C0037] Water Curupira Pikabot Distribution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 18:11:30.378000+00:00	2026-05-12 15:12:00.730000+00:00

ics-attack

Patches

[C0063] 2025 Poland Wiper Attacks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['enterprise-attack', 'ics-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 23:21:30.984000+00:00	2026-05-12 15:12:00.730000+00:00

[C0030] Triton Safety Instrumented System Attack

Current version: 1.1

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_domains		['ics-attack', 'enterprise-attack']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:24:57.457000+00:00	2026-05-12 15:12:00.729000+00:00

Assets

ics-attack

Patches

[A0008] Application Server

Current version: 2.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:58:00.982Z	2023-09-28 14:58:00.982000+00:00
modified	2026-04-23T01:01:24.568Z	2026-05-12 15:12:00.768000+00:00

[A0007] Control Server

Current version: 2.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:55:39.339Z	2023-09-28 14:55:39.339000+00:00
modified	2026-04-23T01:04:14.767Z	2026-05-12 15:12:00.768000+00:00

[A0009] Data Gateway

Current version: 2.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T15:01:48.509Z	2023-09-28 15:01:48.509000+00:00
modified	2026-04-27T17:47:40.077Z	2026-05-12 15:12:00.768000+00:00

[A0006] Data Historian

Current version: 2.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:48:36.305Z	2023-09-28 14:48:36.305000+00:00
modified	2026-04-23T01:03:57.506Z	2026-05-12 15:12:00.768000+00:00

[A0017] Distributed Control System (DCS) Controller

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-09-24T22:53:09.627Z	2025-09-24 22:53:09.627000+00:00
modified	2026-04-23T01:01:01.668Z	2026-05-12 15:12:00.768000+00:00

[A0013] Field I/O

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T17:57:22.946Z	2023-09-28 17:57:22.946000+00:00
modified	2026-04-27T16:50:21.228Z	2026-05-12 15:12:00.768000+00:00

[A0016] Firewall

Current version: 1.1

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_related_assets		['General']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-09-24T18:17:26.575Z	2025-09-24 18:17:26.575000+00:00
modified	2026-04-27T18:02:22.344Z	2026-05-12 14:53:28.476000+00:00

[A0002] Human-Machine Interface (HMI)

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:38:54.407Z	2023-09-28 14:38:54.407000+00:00
modified	2026-04-23T00:58:37.171Z	2026-05-12 15:12:00.768000+00:00

[A0005] Intelligent Electronic Device (IED)

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:46:42.566Z	2023-09-28 14:46:42.566000+00:00
modified	2026-04-27T16:47:33.077Z	2026-05-12 15:12:00.768000+00:00

[A0012] Jump Host

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T17:52:53.206Z	2023-09-28 17:52:53.206000+00:00
modified	2026-04-23T00:58:05.830Z	2026-05-12 15:12:00.768000+00:00

[A0018] Programmable Automation Controller (PAC)

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-09-29T18:56:19.712Z	2025-09-29 18:56:19.712000+00:00
modified	2026-04-27T16:50:01.628Z	2026-05-12 15:12:00.768000+00:00

[A0003] Programmable Logic Controller (PLC)

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:43:05.105Z	2023-09-28 14:43:05.105000+00:00
modified	2026-04-27T16:47:46.663Z	2026-05-12 15:12:00.768000+00:00

[A0004] Remote Terminal Unit (RTU)

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:44:54.756Z	2023-09-28 14:44:54.756000+00:00
modified	2026-04-23T00:58:18.239Z	2026-05-12 15:12:00.768000+00:00

[A0014] Routers

Current version: 2.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-29T18:55:09.319Z	2023-09-29 18:55:09.319000+00:00
modified	2026-04-27T17:45:55.901Z	2026-05-12 15:12:00.768000+00:00

[A0010] Safety Controller

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T15:10:05.534Z	2023-09-28 15:10:05.534000+00:00
modified	2026-04-27T17:25:50.475Z	2026-05-12 15:12:00.768000+00:00

[A0015] Switch

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-09-24T17:53:28.482Z	2025-09-24 17:53:28.482000+00:00
modified	2026-04-27T18:01:55.383Z	2026-05-12 15:12:00.768000+00:00

[A0011] Virtual Private Network (VPN) Server

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T15:13:07.950Z	2023-09-28 15:13:07.950000+00:00
modified	2026-04-23T00:57:53.372Z	2026-05-12 15:12:00.768000+00:00

[A0001] Workstation

Current version: 2.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2023-09-28T14:22:49.837Z	2023-09-28 14:22:49.837000+00:00
modified	2026-04-23T01:04:34.868Z	2026-05-12 15:12:00.768000+00:00

Mitigations

enterprise-attack

Patches

[M1036] Account Use Policies

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-10 15:55:53.913000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1047] Audit

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-10 16:28:27.046000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1042] Disable or Remove Feature or Program

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-10 19:21:06.027000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1038] Execution Prevention

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-11 18:10:27.976000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1037] Filter Network Traffic

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-11 19:43:03.354000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1030] Network Segmentation

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:41:50.467000+00:00	2026-05-12 15:12:00.731000+00:00

[M1056] Pre-compromise

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-18 18:24:37.835000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1022] Restrict File and Directory Permissions

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-18 19:18:58.856000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1024] Restrict Registry Permissions

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-24 13:34:49.309000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1018] User Account Management

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-24 14:33:36.029000+00:00	2026-05-12 15:12:00.731000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M1017] User Training

Current version: 1.3

Details

values_changed
STIX Field	Old value	New Value
modified	2024-12-24 14:36:46.335000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

ics-attack

Patches

[M0801] Access Management

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:47:44.798000+00:00	2026-05-12 15:12:00.730000+00:00

[M0947] Audit

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:54:39.756000+00:00	2026-05-12 15:12:00.731000+00:00

[M0800] Authorization Enforcement

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:54:03.965000+00:00	2026-05-12 15:12:00.731000+00:00

[M0946] Boot Integrity

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:55:57.931000+00:00	2026-05-12 15:12:00.731000+00:00

[M0945] Code Signing

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:54:56.965000+00:00	2026-05-12 15:12:00.731000+00:00

[M0802] Communication Authenticity

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:54:21.289000+00:00	2026-05-12 15:12:00.731000+00:00

[M0808] Encrypt Network Traffic

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:55:38.098000+00:00	2026-05-12 15:12:00.731000+00:00

[M0941] Encrypt Sensitive Information

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:56:16.357000+00:00	2026-05-12 15:12:00.731000+00:00

[M0937] Filter Network Traffic

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:45:45.801000+00:00	2026-05-12 15:12:00.730000+00:00

[M0804] Human User Authentication

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:50:55.165000+00:00	2026-05-12 15:12:00.730000+00:00

[M0816] Mitigation Limited or Not Effective

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-25 14:39:13.833000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M0807] Network Allowlists

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:56:32.131000+00:00	2026-05-12 15:12:00.731000+00:00

[M0931] Network Intrusion Prevention

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:47:04.457000+00:00	2026-05-12 15:12:00.730000+00:00

[M0930] Network Segmentation

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:46:09.190000+00:00	2026-05-12 15:12:00.730000+00:00

[M0810] Out-of-Band Communications Channel

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:56:53.267000+00:00	2026-05-12 15:12:00.731000+00:00

[M0927] Password Policies

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2025-04-16 21:26:28.470000+00:00	2026-05-12 15:12:00.730000+00:00
x_mitre_attack_spec_version	3.2.0	3.3.0

[M0922] Restrict File and Directory Permissions

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:57:09.061000+00:00	2026-05-12 15:12:00.731000+00:00

[M0813] Software Process and Device Authentication

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:55:20.765000+00:00	2026-05-12 15:12:00.731000+00:00

[M0814] Static Network Configuration

Current version: 1.2

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 00:50:32.432000+00:00	2026-05-12 15:12:00.730000+00:00

Data Components

enterprise-attack

Patches

[DC0038] Application Log Content

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:46:47.171000+00:00	2026-05-12 15:12:00.776000+00:00

[DC0083] Cloud Service Enumeration

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 19:38:20.657000+00:00	2026-05-12 15:12:00.775000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0083	https://attack.mitre.org/datacomponents/DC0083

[DC0064] Command Execution

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:47:16.123000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0074] Driver Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 17:02:15.878000+00:00	2026-05-12 15:12:00.779000+00:00

[DC0055] File Access

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:39:07.536000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0039] File Creation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 17:17:05.280000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0040] File Deletion

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:19:16.114000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0059] File Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:33:47.956000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0061] File Modification

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 16:41:53.549000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0099] Group Enumeration

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:21:38.311000+00:00	2026-05-12 15:12:00.775000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0099	https://attack.mitre.org/datacomponents/DC0099

[DC0018] Host Status

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 18:17:23.974000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0073] Instance Modification

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 17:07:21.897000+00:00	2026-05-12 15:12:00.773000+00:00

[DC0016] Module Load

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:21:27.873000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0016	https://attack.mitre.org/datacomponents/DC0016

[DC0082] Network Connection Creation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:37:33.992000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0085] Network Traffic Content

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 14:48:50.367000+00:00	2026-05-12 15:12:00.771000+00:00

[DC0078] Network Traffic Flow

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:32:30.362000+00:00	2026-05-12 15:12:00.777000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0078	https://attack.mitre.org/datacomponents/DC0078

[DC0021] OS API Execution

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:22:40.476000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0035] Process Access

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 18:45:08.713000+00:00	2026-05-12 15:12:00.770000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0035	https://attack.mitre.org/datacomponents/DC0035

[DC0032] Process Creation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 15:49:16.424000+00:00	2026-05-12 15:12:00.773000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0032	https://attack.mitre.org/datacomponents/DC0032

[DC0034] Process Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 17:01:33.771000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0001] Scheduled Job Creation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:05:23.355000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0001	https://attack.mitre.org/datacomponents/DC0001

[DC0041] Service Metadata

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 16:59:19.254000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0065] Service Modification

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 18:21:23.994000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0002] User Account Authentication

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:47:33.610000+00:00	2026-05-12 15:12:00.777000+00:00

[DC0013] User Account Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:24:06.660000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0013	https://attack.mitre.org/datacomponents/DC0013

[DC0063] Windows Registry Key Modification

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 23:12:09.029000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0063	https://attack.mitre.org/datacomponents/DC0063

mobile-attack

Patches

[DC0112] API Calls

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-16 16:18:01.897000+00:00	2026-05-12 15:12:00.773000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0112	https://attack.mitre.org/datacomponents/DC0112

[DC0119] Application Assets

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-11 15:49:22.334000+00:00	2026-05-12 15:12:00.773000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0119	https://attack.mitre.org/datacomponents/DC0119

[DC0038] Application Log Content

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:46:47.171000+00:00	2026-05-12 15:12:00.776000+00:00

[DC0114] Application Permission

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:21:10.349000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0123] Application State

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-15 20:49:00.264000+00:00	2026-05-12 15:12:00.773000+00:00

[DC0083] Cloud Service Enumeration

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 19:38:20.657000+00:00	2026-05-12 15:12:00.775000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0083	https://attack.mitre.org/datacomponents/DC0083

[DC0064] Command Execution

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:47:16.123000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0055] File Access

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:39:07.536000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0039] File Creation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 17:17:05.280000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0040] File Deletion

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:19:16.114000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0059] File Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:33:47.956000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0061] File Modification

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 16:41:53.549000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0018] Host Status

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 18:17:23.974000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0016] Module Load

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:21:27.873000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0016	https://attack.mitre.org/datacomponents/DC0016

[DC0113] Network Communication

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-11 15:52:58.538000+00:00	2026-05-12 15:12:00.774000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0113	https://attack.mitre.org/datacomponents/DC0113

[DC0082] Network Connection Creation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:37:33.992000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0085] Network Traffic Content

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 14:48:50.367000+00:00	2026-05-12 15:12:00.771000+00:00

[DC0078] Network Traffic Flow

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:32:30.362000+00:00	2026-05-12 15:12:00.777000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0078	https://attack.mitre.org/datacomponents/DC0078

[DC0021] OS API Execution

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:22:40.476000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0035] Process Access

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 18:45:08.713000+00:00	2026-05-12 15:12:00.770000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0035	https://attack.mitre.org/datacomponents/DC0035

[DC0032] Process Creation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 15:49:16.424000+00:00	2026-05-12 15:12:00.773000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0032	https://attack.mitre.org/datacomponents/DC0032

[DC0034] Process Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 17:01:33.771000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0115] Protected Configuration

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 23:45:27.570000+00:00	2026-05-12 15:12:00.774000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0115	https://attack.mitre.org/datacomponents/DC0115

[DC0001] Scheduled Job Creation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:05:23.355000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0001	https://attack.mitre.org/datacomponents/DC0001

[DC0117] System Notifications

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-10 15:59:54.007000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0117	https://attack.mitre.org/datacomponents/DC0117

[DC0118] System Settings

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 20:14:04.248000+00:00	2026-05-12 15:12:00.773000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0118	https://attack.mitre.org/datacomponents/DC0118

[DC0002] User Account Authentication

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:47:33.610000+00:00	2026-05-12 15:12:00.777000+00:00

ics-attack

Patches

[DC0038] Application Log Content

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:46:47.171000+00:00	2026-05-12 15:12:00.776000+00:00

[DC0064] Command Execution

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:47:16.123000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0055] File Access

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:39:07.536000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0039] File Creation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 17:17:05.280000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0040] File Deletion

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:19:16.114000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0059] File Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:33:47.956000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0061] File Modification

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 16:41:53.549000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0016] Module Load

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:21:27.873000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0016	https://attack.mitre.org/datacomponents/DC0016

[DC0082] Network Connection Creation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:37:33.992000+00:00	2026-05-12 15:12:00.770000+00:00

[DC0085] Network Traffic Content

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 14:48:50.367000+00:00	2026-05-12 15:12:00.771000+00:00

[DC0078] Network Traffic Flow

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:32:30.362000+00:00	2026-05-12 15:12:00.777000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0078	https://attack.mitre.org/datacomponents/DC0078

[DC0021] OS API Execution

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-23 18:22:40.476000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0032] Process Creation

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 15:49:16.424000+00:00	2026-05-12 15:12:00.773000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0032	https://attack.mitre.org/datacomponents/DC0032

[DC0107] Process History/Live Data

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 14:51:44.669000+00:00	2026-05-12 15:12:00.775000+00:00

[DC0034] Process Metadata

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 17:01:33.771000+00:00	2026-05-12 15:12:00.778000+00:00

[DC0109] Process/Event Alarm

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-22 15:07:16.930000+00:00	2026-05-12 15:12:00.773000+00:00

[DC0001] Scheduled Job Creation

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:05:23.355000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0001	https://attack.mitre.org/datacomponents/DC0001

[DC0041] Service Metadata

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-16 16:59:19.254000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0065] Service Modification

Current version: 2.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-20 18:21:23.994000+00:00	2026-05-12 15:12:00.774000+00:00

[DC0002] User Account Authentication

Current version: 3.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 19:47:33.610000+00:00	2026-05-12 15:12:00.777000+00:00

[DC0063] Windows Registry Key Modification

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 23:12:09.029000+00:00	2026-05-12 15:12:00.778000+00:00
external_references[0]['url']	https://attack.mitre.org/data-components/DC0063	https://attack.mitre.org/datacomponents/DC0063

Detection Strategies

enterprise-attack

Patches

[DET0210] Abuse of Domain Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0413] Abuse of Information Repositories for Data Collection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0455] Abuse of PowerShell for Arbitrary Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0120] Account Access Removal via Multi-Platform Audit Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0096] Account Manipulation Behavior Chain Detection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0415] Application Exhaustion Flood Detection Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0397] Automated Exfiltration Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0186] Automated File and API Collection Detection Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0088] Backup Software Discovery via CLI, Registry, and Process Inspection (T1518.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0280] Behavior-Based Registry Modification Detection on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0496] Behavior-Chain Detection for Remote Access Tools (Tool-Agnostic)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0124] Behavior-chain detection for T1132.001 Data Encoding: Standard Encoding (Base64/Hex/MIME) across Windows, Linux, macOS, ESXi

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0326] Behavior-chain detection for T1132.002 Data Encoding: Non-Standard Encoding across Windows, Linux, macOS, ESXi

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0354] Behavior-chain detection for T1133 External Remote Services across Windows, Linux, macOS, Containers

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0283] Behavior-chain detection for T1134 Access Token Manipulation on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0482] Behavior-chain detection for T1134.001 Access Token Manipulation: Token Impersonation/Theft on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0456] Behavior-chain detection for T1134.002 Create Process with Token (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0489] Behavior-chain detection for T1134.004 Access Token Manipulation: Parent PID Spoofing (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0136] Behavior-chain detection for T1134.005 Access Token Manipulation: SID-History Injection (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0182] Behavior-chain detection for T1135 Network Share Discovery across Windows, Linux, and macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0249] Behavior-chain detection for T1610 Deploy Container across Docker & Kubernetes control/node planes

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0556] Behavior-chain detection strategy for T1127.001 Trusted Developer Utilities Proxy Execution: MSBuild (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0191] Behavior-chain detection strategy for T1127.002 Trusted Developer Utilities Proxy Execution: ClickOnce (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0585] Behavior-chain detection strategy for T1127.003 Trusted Developer Utilities Proxy Execution: JamPlus (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0151] Behavior-chain, platform-aware detection strategy for T1124 System Time Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0197] Behavior-chain, platform-aware detection strategy for T1125 Video Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0172] Behavior-chain, platform-aware detection strategy for T1127 Trusted Developer Utilities Proxy Execution (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0018] Behavior-chain, platform-aware detection strategy for T1129 Shared Modules

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0052] Behavioral Detection Strategy for Abuse of Sudo and Sudo Caching

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0131] Behavioral Detection Strategy for Exfiltration Over Alternative Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0503] Behavioral Detection Strategy for Exfiltration Over Symmetric Encrypted Non-C2 Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0376] Behavioral Detection Strategy for Network Service Discovery Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0269] Behavioral Detection Strategy for Remote Service Logins and Post-Access Activity

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0221] Behavioral Detection Strategy for T1123 Audio Capture Across Windows, Linux, macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0338] Behavioral Detection Strategy for Use Alternate Authentication Material (T1550)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0185] Behavioral Detection Strategy for Use Alternate Authentication Material: Application Access Token (T1550.001)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0364] Behavioral Detection Strategy for WMI Execution Abuse on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0021] Behavioral Detection for Service Stop across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0329] Behavioral Detection for T1490 - Inhibit System Recovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0100] Behavioral Detection of Asynchronous Procedure Call (APC) Injection via Remote Thread Queuing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0142] Behavioral Detection of CLI Abuse on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0251] Behavioral Detection of Cloud Group Enumeration via API and CLI Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0165] Behavioral Detection of Command History Clearing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0516] Behavioral Detection of Command and Scripting Interpreter Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0389] Behavioral Detection of DLL Injection via Windows API

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0400] Behavioral Detection of DNS Tunneling and Application Layer Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0360] Behavioral Detection of Domain Group Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0010] Behavioral Detection of Event Triggered Execution Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0590] Behavioral Detection of External Website Defacement across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0499] Behavioral Detection of Fallback or Alternate C2 Channels

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0184] Behavioral Detection of Indicator Removal Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0102] Behavioral Detection of Input Capture Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0357] Behavioral Detection of Internet Connection Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0089] Behavioral Detection of Keylogging Activity Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0114] Behavioral Detection of Local Group Enumeration Across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0520] Behavioral Detection of Log File Clearing on Linux and macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0266] Behavioral Detection of Mailbox Data and Log Deletion for Anti-Forensics

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0078] Behavioral Detection of Malicious Cloud API Scripting

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0140] Behavioral Detection of Malicious File Deletion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0127] Behavioral Detection of Masquerading Across Platforms via Metadata and Execution Discrepancy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0529] Behavioral Detection of Native API Invocation via Unusual DLL Loads and Direct Syscalls

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0049] Behavioral Detection of Network History and Configuration Tampering

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0103] Behavioral Detection of Network Share Connection Removal via CLI and SMB Disconnects

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0378] Behavioral Detection of Obfuscated Files or Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0106] Behavioral Detection of PE Injection via Remote Memory Mapping

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0179] Behavioral Detection of Permission Groups Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0508] Behavioral Detection of Process Injection Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0002] Behavioral Detection of Publish/Subscribe Protocol Misuse for C2

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0008] Behavioral Detection of Remote Cloud Logins via Valid Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0596] Behavioral Detection of Remote SSH Logins Followed by Post-Login Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0521] Behavioral Detection of Spoofed GUI Credential Prompts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0195] Behavioral Detection of System Network Configuration Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0231] Behavioral Detection of Systemd Timer Abuse for Scheduled Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0518] Behavioral Detection of T1498 – Network Denial of Service Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0295] Behavioral Detection of Thread Execution Hijacking via Thread Suspension and Context Switching

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0178] Behavioral Detection of Unauthorized VNC Remote Control Sessions

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0384] Behavioral Detection of Unix Shell Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0093] Behavioral Detection of User Discovery via Local and Remote Enumeration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0076] Behavioral Detection of Visual Basic Execution (VBS/VBA/VBScript)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0464] Behavioral Detection of Wi-Fi Discovery Activity

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0477] Behavioral Detection of WinRM-Based Remote Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0202] Behavioral Detection of Windows Command Shell Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0537] Behavioral detection for Supply Chain Compromise (package/update tamper → install → first-run)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0498] Behavior‑chain detection for T1134.003 Make and Impersonate Token (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0274] Boot or Logon Autostart Execution Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0112] Boot or Logon Initialization Scripts Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0463] Brute Force Authentication Failures with Multi-Platform Log Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0341] Clipboard Data Access with Anomalous Context

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0386] Cloud Account Enumeration via API, CLI, and Scripting Interfaces

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0309] Compromised software/update chain (installer/write → first-run/child → egress/signature anomaly)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0083] Container CLI and API Abuse via Docker/Kubernetes (T1059.013)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0446] Credential Access via /etc/passwd and /etc/shadow Parsing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0085] Credential Dumping from SAM via Registry Dump and Local File Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0234] Credential Dumping via Sensitive Memory and Registry Access Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0460] Credential Stuffing Detection via Reused Breached Credentials Across Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0591] Cross-Platform Behavioral Detection of File Timestomping via Metadata Tampering

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0063] Cross-Platform Behavioral Detection of Python Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0094] Cross-Platform Behavioral Detection of Scheduled Task/Job Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0290] Cross-Platform Detection of Cron Job Abuse for Persistence and Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0573] Cross-Platform Detection of Data Transfer to Cloud Account

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0264] Cross-Platform Detection of JavaScript Execution Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0333] Cross-Platform Detection of Scheduled Task/Job Abuse via `at` Utility

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0090] Cross-host C2 via Removable Media Relay

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0238] Defacement via File and Web Content Modification Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0387] Detect ARP Cache Poisoning Across Linux, Windows, and macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0113] Detect AS-REP Roasting Attempts (T1558.004)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0224] Detect Abuse of Component Object Model (T1559.001)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0198] Detect Abuse of Container APIs for Credential Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0504] Detect Abuse of Dynamic Data Exchange (T1559.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0493] Detect Abuse of Inter-Process Communication (T1559)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0122] Detect Abuse of Windows Time Providers for Persistence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0335] Detect Abuse of XPC Services (T1559.003)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0535] Detect Abuse of vSphere Installation Bundles (VIBs) for Persistent Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0381] Detect Access and Decryption of Group Policy Preference (GPP) Credentials in SYSVOL

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0385] Detect Access and Parsing of .bash_history Files for Credential Harvesting

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0412] Detect Access or Search for Unsecured Credentials Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0001] Detect Access to Cloud Instance Metadata API (IaaS)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0307] Detect Access to Unsecured Credential Files Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0396] Detect Access to macOS Keychain for Credential Theft

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0312] Detect Active Setup Persistence via StubPath Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0275] Detect Adversary Deobfuscation or Decoding of Files and Payloads

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0296] Detect Adversary-in-the-Middle via Network and Configuration Anomalies

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0526] Detect Archiving and Encryption of Collected Data (T1560)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0438] Detect Archiving via Custom Method (T1560.003)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0268] Detect Archiving via Library (T1560.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0298] Detect Archiving via Utility (T1560.001)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0035] Detect Bidirectional Web Service C2 Channels via Process & Network Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0523] Detect Code Signing Policy Modification (Windows & macOS)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0336] Detect Compromise of Host Software Binaries

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0030] Detect Conditional Access Policy Modification in Identity and Cloud Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0250] Detect Credential Discovery via Windows Registry Enumeration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0430] Detect Credentials Access from Password Stores

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0468] Detect DHCP Spoofing Across Linux, Windows, and macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0061] Detect Default File Association Hijack via Registry & Execution Correlation on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0187] Detect Disabled Windows Event Log

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:24:45.876Z	2026-05-12 16:30:18.390000+00:00

[DET0271] Detect Domain Controller Authentication Process Modification (Skeleton Key)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0379] Detect Evil Twin Wi-Fi Access Points on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0028] Detect Excessive or Unauthorized Bandwidth Usage for Botnet, Proxyjacking, or Scanning Purposes

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0022] Detect Forced SMB/WebDAV Authentication via lure files and outbound NTLM

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0144] Detect Forged Kerberos Golden Tickets (T1558.001)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0241] Detect Forged Kerberos Silver Tickets (T1558.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0288] Detect Gatekeeper Bypass via Quarantine Flag and Trust Control Manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0293] Detect Hybrid Identity Authentication Process Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0060] Detect Ingress Tool Transfers via Behavioral Chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0157] Detect Kerberoasting Attempts (T1558.003)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0024] Detect Kerberos Ccache File Theft or Abuse (T1558.005)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0522] Detect Kerberos Ticket Theft or Forgery (T1558)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0462] Detect LLMNR/NBT-NS Poisoning and SMB Relay on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0207] Detect LSA Authentication Package Persistence via Registry and LSASS DLL Load

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0047] Detect Local Email Collection via Outlook Data File Access and Command Line Tooling

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0072] Detect Logon Script Modifications and Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0190] Detect MFA Modification or Disabling Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0454] Detect Malicious Modification of Pluggable Authentication Modules (PAM)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0472] Detect Malicious Password Filter DLL Registration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0257] Detect Mark-of-the-Web (MOTW) Bypass via Container and Disk Image Files

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0589] Detect Modification of Authentication Process via Reversible Encryption

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0104] Detect Modification of Authentication Processes Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0272] Detect Modification of Network Device Authentication via Patched System Images

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0429] Detect Modification of macOS Startup Items

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0228] Detect Multi-Stage Command and Control Channels

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0367] Detect Network Logon Script Abuse via Multi-Event Correlation on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0580] Detect Network Provider DLL Registration and Credential Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0053] Detect Obfuscated C2 via Network Traffic Analysis

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0398] Detect Office Startup-Based Persistence via Macros, Forms, and Registry Hooks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0581] Detect One-Way Web Service Command Channels

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0050] Detect Persistence via Malicious Office Add-ins

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0095] Detect Persistence via Malicious Outlook Rules

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0519] Detect Persistence via Office Template Macro Injection or Registry Hijack

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0315] Detect Persistence via Office Test Registry DLL Injection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0029] Detect Persistence via Outlook Custom Forms Triggered by Malicious Email

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0177] Detect Persistence via Outlook Home Page Exploitation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0365] Detect Registry and Startup Folder Persistence (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0159] Detect Remote Access via USB Hardware (TinyPilot, PiKVM)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0048] Detect Remote Email Collection via Abnormal Login and Programmatic Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0346] Detect Screen Capture via Commands and API Calls

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0154] Detect Screensaver-Based Persistence via Registry and Execution Chains

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0020] Detect Shell Configuration Modification for Persistence via Event-Triggered Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0899] Detect Social Engineering

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-16T16:45:43.694Z	2026-04-16 16:45:43.694000+00:00
modified	2026-04-24T20:22:37.160Z	2026-05-12 16:30:18.390000+00:00

[DET0452] Detect Subversion of Trust Controls via Certificate, Registry, and Attribute Manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0037] Detect Suspicious Access to Browser Credential Stores

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0549] Detect Suspicious Access to Private Key Files and Export Attempts Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0134] Detect Suspicious Access to Windows Credential Manager

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0057] Detect Suspicious Access to securityd Memory for Credential Extraction

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0230] Detect Suspicious or Malicious Code Signing Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0141] Detect Time-Based Evasion via Sleep, Timer Loops, and Delayed Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0130] Detect Unauthorized Access to Cloud Secrets Management Stores

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0597] Detect Unauthorized Access to Password Managers

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0111] Detect Unsecured Credentials Shared in Chat Messages

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0074] Detect Use of Stolen Web Session Cookies Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0420] Detect User Activity Based Sandbox Evasion via Input & Artifact Probing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0086] Detect WMI Event Subscription for Persistence via WmiPrvSE Process and MOF Compilation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0901] Detect Windows Firewall

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-16T17:34:53.603Z	2026-04-16 17:34:53.603000+00:00
modified	2026-04-24T20:22:49.681Z	2026-05-12 16:30:18.390000+00:00

[DET0404] Detect Winlogon Helper DLL Abuse via Registry and Process Artifacts on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0205] Detect XSL Script Abuse via msxsl and wmic

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0488] Detect abuse of Trusted Relationships (third-party and delegated admin access)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0098] Detect abuse of Windows BITS Jobs for download, execution and persistence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0507] Detect browser session hijacking via privilege, handle access, and remote thread into browsers

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0561] Detect malicious IDE extension install/usage and IDE tunneling

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0125] Detect persistence via reopened application plist modification (macOS)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0473] Detect persistent or elevated container services via container runtime or cluster manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0225] Detect unauthorized LSASS driver persistence via LSA plugin abuse (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0069] Detect unauthorized or suspicious Hardware Additions (USB/Thunderbolt/Network)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0361] Detecting .NET COM Registration Abuse via Regsvcs/Regasm

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0500] Detecting Abnormal SharePoint Data Mining by Privileged or Rare Users

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0263] Detecting Bulk or Anomalous Access to Private Code Repositories via SaaS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0433] Detecting Code Injection via mavinject.exe (App-V Injector)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0350] Detecting Downgrade Attacks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0025] Detecting Electron Application Abuse for Proxy Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0011] Detecting Junk Data in C2 Channels via Behavioral Analysis

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0222] Detecting MMC (.msc) Proxy Execution and Malicious COM Activation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0044] Detecting Malicious Browser Extensions Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0506] Detecting Mshta-based Proxy Execution via Suspicious HTA or Script Invocation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0593] Detecting OS Credential Dumping via /proc Filesystem Access on Linux

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0486] Detecting Odbcconf Proxy Execution of Malicious DLLs

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0440] Detecting PowerShell Execution via SyncAppvPublishingServer.vbs Proxy Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0470] Detecting Protocol or Service Impersonation via Anomalous TLS, HTTP Header, and Port Mismatch Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0528] Detecting Remote Script Proxy Execution via PubPrn.vbs

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0235] Detecting Steganographic Command and Control via File + Network Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0550] Detecting Suspicious Access to CRM Data in SaaS Environments

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0567] Detecting Unauthorized Collection from Messaging Applications in SaaS and Office Environments

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0541] Detection Strategy for /proc Memory Injection on Linux

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0345] Detection Strategy for Abuse Elevation Control Mechanism (T1548)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0033] Detection Strategy for Accessibility Feature Hijacking via Binary Replacement or Registry Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0373] Detection Strategy for Addition of Email Delegate Permissions

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0531] Detection Strategy for Additional Cloud Credentials in IaaS/IdP/SaaS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0362] Detection Strategy for AppCert DLLs Persistence via Registry Injection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0017] Detection Strategy for Application Shimming via sdbinst.exe and Registry Artifacts (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0332] Detection Strategy for AutoHotKey & AutoIT Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0428] Detection Strategy for Bind Mounts on Linux

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0237] Detection Strategy for Boot or Logon Initialization Scripts: RC Scripts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0459] Detection Strategy for Build Image on Host

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0545] Detection Strategy for Cloud Administration Command

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0539] Detection Strategy for Cloud Application Integration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0169] Detection Strategy for Cloud Infrastructure Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0402] Detection Strategy for Cloud Service Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0147] Detection Strategy for Cloud Service Hijacking via SaaS Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0578] Detection Strategy for Cloud Storage Object Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0505] Detection Strategy for Command Obfuscation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0501] Detection Strategy for Compile After Delivery - Source Code to Executable Transformation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0281] Detection Strategy for Compressed Payload Creation and Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0065] Detection Strategy for Container Administration Command Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0490] Detection Strategy for Container and Resource Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0349] Detection Strategy for Content Injection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0108] Detection Strategy for Data Encoding in C2 Channels

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0059] Detection Strategy for Data Manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0213] Detection Strategy for Data Transfer Size Limits and Chunked Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0592] Detection Strategy for Data from Configuration Repository on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0410] Detection Strategy for Data from Network Shared Drive

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0371] Detection Strategy for Debugger Evasion (T1622)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0563] Detection Strategy for Defense Impairment via Prevent Command History Logging across OS platforms.

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:25:01.924Z	2026-05-12 16:30:18.390000+00:00

[DET0579] Detection Strategy for Device Driver Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0424] Detection Strategy for Disable or Modify Cloud Firewall

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0289] Detection Strategy for Disable or Modify Cloud Log

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:25:34.812Z	2026-05-12 16:30:18.391000+00:00

[DET0062] Detection Strategy for Disable or Modify Linux Audit System Log

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:25:52.122Z	2026-05-12 16:30:18.390000+00:00

[DET0316] Detection Strategy for Disk Content Wipe via Direct Access and Overwrite

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0297] Detection Strategy for Disk Structure Wipe via Boot/Partition Overwrite

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0137] Detection Strategy for Disk Wipe via Direct Disk Access and Destructive Commands

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0366] Detection Strategy for Double File Extension Masquerading

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0569] Detection Strategy for Downgrade System Image on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0091] Detection Strategy for Dynamic API Resolution via Hash-Based Function Lookups

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0039] Detection Strategy for Dynamic Resolution across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0262] Detection Strategy for Dynamic Resolution through DNS Calculation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0419] Detection Strategy for Dynamic Resolution using Domain Generation Algorithms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0485] Detection Strategy for Dynamic Resolution using Fast Flux DNS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0232] Detection Strategy for ESXi Administration Command

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0558] Detection Strategy for ESXi Hypervisor CLI Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0355] Detection Strategy for Email Bombing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0192] Detection Strategy for Email Hiding Rules

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0431] Detection Strategy for Email Spoofing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0214] Detection Strategy for Embedded Payloads

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0273] Detection Strategy for Encrypted Channel across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0543] Detection Strategy for Encrypted Channel via Asymmetric Cryptography across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0143] Detection Strategy for Encrypted Channel via Symmetric Cryptography across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0304] Detection Strategy for Endpoint DoS via Application or System Exploitation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0173] Detection Strategy for Endpoint DoS via Service Exhaustion Flood

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0219] Detection Strategy for Escape to Host

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0369] Detection Strategy for Event Triggered Execution via Trap (T1546.005)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0555] Detection Strategy for Event Triggered Execution via emond on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0557] Detection Strategy for Event Triggered Execution: AppInit DLLs (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0015] Detection Strategy for Exclusive Control

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0348] Detection Strategy for Exfiltration Over C2 Channel

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0548] Detection Strategy for Exfiltration Over Web Service

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0153] Detection Strategy for Exfiltration Over Webhook

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0570] Detection Strategy for Exfiltration to Cloud Storage

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0318] Detection Strategy for Exfiltration to Code Repository

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0284] Detection Strategy for Exfiltration to Text Storage Sites

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0174] Detection Strategy for Exploitation for Credential Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0514] Detection Strategy for Exploitation for Privilege Escalation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0595] Detection Strategy for Exploitation for Stealth

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:26:05.352Z	2026-05-12 16:30:18.391000+00:00

[DET0406] Detection Strategy for Extended Attributes Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0217] Detection Strategy for Extra Window Memory (EWM) Injection on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0150] Detection Strategy for File Creation or Modification of Boot Files

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0051] Detection Strategy for File/Path Exclusions

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0344] Detection Strategy for Fileless Storage via Registry, WMI, and Shared Memory

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0495] Detection Strategy for Financial Theft

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0148] Detection Strategy for Forged SAML Tokens

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0171] Detection Strategy for Forged Web Cookies

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0260] Detection Strategy for Forged Web Credentials

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0313] Detection Strategy for HTML Smuggling via JavaScript Blob + Dynamic File Drop

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0502] Detection Strategy for Hidden Artifacts Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0461] Detection Strategy for Hidden File System Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0032] Detection Strategy for Hidden Files and Directories

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0353] Detection Strategy for Hidden User Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0321] Detection Strategy for Hidden Virtual Instance Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0128] Detection Strategy for Hidden Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0411] Detection Strategy for Hide Infrastructure

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0218] Detection Strategy for Hijack Execution Flow across OS platforms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0201] Detection Strategy for Hijack Execution Flow for DLLs

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0064] Detection Strategy for Hijack Execution Flow through Path Interception by Unquoted Path

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0427] Detection Strategy for Hijack Execution Flow through Service Registry Premission Weakness.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0436] Detection Strategy for Hijack Execution Flow through Services File Permissions Weakness.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0517] Detection Strategy for Hijack Execution Flow through the AppDomainManager on Windows.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0577] Detection Strategy for Hijack Execution Flow through the KernelCallbackTable on Windows.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0038] Detection Strategy for Hijack Execution Flow using Executable Installer File Permissions Weakness

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0004] Detection Strategy for Hijack Execution Flow using Path Interception by PATH Environment Variable.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0564] Detection Strategy for Hijack Execution Flow using Path Interception by Search Order Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0479] Detection Strategy for Hijack Execution Flow using the Windows COR_PROFILER.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0152] Detection Strategy for Hijack Execution Flow: Dylib Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0435] Detection Strategy for Hijack Execution Flow: Dynamic Linker Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0422] Detection Strategy for IFEO Injection on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0067] Detection Strategy for Ignore Process Interrupts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0286] Detection Strategy for Impersonation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0189] Detection Strategy for Indicator Removal from Tools - Post-AV Evasion Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0568] Detection Strategy for Input Injection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0920] Detection Strategy for Invisible Unicode

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T18:44:43.178Z	2026-04-23 18:44:43.178000+00:00
modified	2026-04-24T20:23:25.386Z	2026-05-12 16:30:18.391000+00:00

[DET0322] Detection Strategy for Junk Code Obfuscation with Suspicious Execution Patterns

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0450] Detection Strategy for Kernel Modules and Extensions Autostart Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0216] Detection Strategy for LC_LOAD_DYLIB Modification in Mach-O Binaries on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0405] Detection Strategy for LNK Icon Smuggling

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0183] Detection Strategy for Lateral Tool Transfer across OS platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0401] Detection Strategy for Launch Daemon Creation or Modification (macOS)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0331] Detection Strategy for ListPlanting Injection on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0255] Detection Strategy for Log Enumeration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0244] Detection Strategy for Login Hook Persistence on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0101] Detection Strategy for Lua Scripting Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0246] Detection Strategy for MFA Interception via Input Capture and Smart Card Proxying

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0383] Detection Strategy for Masquerading via Account Name Similarity

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0443] Detection Strategy for Masquerading via Breaking Process Trees

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0226] Detection Strategy for Masquerading via File Type Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0347] Detection Strategy for Masquerading via Legitimate Resource Name or Location

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0308] Detection Strategy for Modify Cloud Compute Infrastructure

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0449] Detection Strategy for Modify Cloud Compute Infrastructure: Create Cloud Instance

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0423] Detection Strategy for Modify Cloud Compute Infrastructure: Create Snapshot

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0084] Detection Strategy for Modify Cloud Compute Infrastructure: Delete Cloud Instance

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0492] Detection Strategy for Modify Cloud Compute Infrastructure: Modify Cloud Compute Configurations

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0337] Detection Strategy for Modify Cloud Compute Infrastructure: Revert Cloud Instance

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0155] Detection Strategy for Modify Cloud Resource Hierarchy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0170] Detection Strategy for Modify System Image on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0160] Detection Strategy for Multi-Factor Authentication Request Generation (T1621)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0432] Detection Strategy for NTFS File Attribute Abuse (ADS/EAs)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0575] Detection Strategy for Netsh Helper DLL Persistence via Registry and Child Process Monitoring (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0163] Detection Strategy for Network Address Translation Traversal

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0006] Detection Strategy for Network Boundary Bridging

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0233] Detection Strategy for Network Device Configuration Dump via Config Repositories

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0314] Detection Strategy for Network Sniffing Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0227] Detection Strategy for Non-Standard Ports

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0553] Detection Strategy for Obfuscated Files or Information: Binary Padding

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0164] Detection Strategy for Overwritten Process Arguments Masquerading

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0469] Detection Strategy for Patch System Image on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0070] Detection Strategy for Phishing across platforms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0109] Detection Strategy for Plist File Modification (T1647)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0533] Detection Strategy for Poisoned Pipeline Execution via SaaS CI/CD Workflows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0324] Detection Strategy for Polymorphic Code Mutation and Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0417] Detection Strategy for Power Settings Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0451] Detection Strategy for PowerShell Profile Persistence via profile.ps1 Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0045] Detection Strategy for Process Argument Spoofing on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0544] Detection Strategy for Process Doppelgänging on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0382] Detection Strategy for Process Hollowing on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0538] Detection Strategy for Protocol Tunneling accross OS platforms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0203] Detection Strategy for Ptrace-Based Process Injection on Linux

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0408] Detection Strategy for Reflection Amplification DoS (T1498.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0300] Detection Strategy for Reflective Code Loading

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0574] Detection Strategy for Remote System Enumeration Behavior

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0584] Detection Strategy for Resource Forking on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0156] Detection Strategy for Resource Hijacking: SMS Pumping via SaaS Application Logs

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0276] Detection Strategy for Rogue Domain Controller (DCShadow) Registration and Replication Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0277] Detection Strategy for Role Addition to Cloud Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0391] Detection Strategy for Runtime Data Manipulation.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0453] Detection Strategy for SNMP (MIB Dump) on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0181] Detection Strategy for SQL Stored Procedures Abuse via T1505.001

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0126] Detection Strategy for SSH Key Injection in Authorized Keys

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0256] Detection Strategy for SSH Session Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0510] Detection Strategy for SVG Smuggling with Script Execution and Delivery Behavior

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0116] Detection Strategy for Safe Mode Boot Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0399] Detection Strategy for Scheduled Transfer and Recurrent Exfiltration Patterns

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0374] Detection Strategy for Serverless Execution (T1648)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0236] Detection Strategy for Spearphishing Attachment across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0107] Detection Strategy for Spearphishing Links

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0245] Detection Strategy for Spearphishing Voice across OS platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0115] Detection Strategy for Spearphishing via a Service across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0240] Detection Strategy for Steal or Forge Authentication Certificates

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0119] Detection Strategy for Steganographic Abuse in File & Script Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0193] Detection Strategy for Stored Data Manipulation across OS Platforms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0019] Detection Strategy for Stripped Payloads Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0442] Detection Strategy for Subvert Trust Controls using SIP and Trust Provider Hijacking.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0056] Detection Strategy for Subvert Trust Controls via Install Root Certificate.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0282] Detection Strategy for System Binary Proxy Execution: Regsvr32

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0565] Detection Strategy for System Language Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0043] Detection Strategy for System Location Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0421] Detection Strategy for System Services Service Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0279] Detection Strategy for System Services across OS platforms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0265] Detection Strategy for System Services: Launchctl

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0073] Detection Strategy for System Services: Systemctl

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0583] Detection Strategy for T1136 - Create Account across platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0319] Detection Strategy for T1136.003 - Cloud Account Creation across IaaS, IdP, SaaS, Office

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0475] Detection Strategy for T1218.011 Rundll32 Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0042] Detection Strategy for T1218.012 Verclsid Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0046] Detection Strategy for T1497 Virtualization/Sandbox Evasion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0547] Detection Strategy for T1505 - Server Software Component

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0166] Detection Strategy for T1505.002 - Transport Agent Abuse (Windows/Linux)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0068] Detection Strategy for T1505.004 - Malicious IIS Components

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0212] Detection Strategy for T1505.005 – Terminal Services DLL Modification (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0334] Detection Strategy for T1525 – Implant Internal Image

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0515] Detection Strategy for T1528 - Steal Application Access Token

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0278] Detection Strategy for T1542 Pre-OS Boot

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0099] Detection Strategy for T1542.001 Pre-OS Boot: System Firmware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0323] Detection Strategy for T1542.002 Pre-OS Boot: Component Firmware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0175] Detection Strategy for T1542.004 Pre-OS Boot: ROMMONkit

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0582] Detection Strategy for T1542.005 Pre-OS Boot: TFTP Boot

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0330] Detection Strategy for T1546.016 - Event Triggered Execution via Installer Packages

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0375] Detection Strategy for T1546.017 - Udev Rules (Linux)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0180] Detection Strategy for T1547.009 – Shortcut Modification (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0204] Detection Strategy for T1547.010 – Port Monitor DLL Persistence via spoolsv.exe (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0121] Detection Strategy for T1547.015 – Login Items on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0388] Detection Strategy for T1548.002 – Bypass User Account Control (UAC)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0409] Detection Strategy for T1550.002 - Pass the Hash (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0352] Detection Strategy for T1550.003 - Pass the Ticket (Windows)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0467] Detection Strategy for TLS Callback Injection via PE Memory Modification and Hollowing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0393] Detection Strategy for Temporary Elevated Cloud Access Abuse (T1548.005)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0403] Detection Strategy for Traffic Duplication via Mirroring in IaaS and Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0012] Detection Strategy for VBA Stomping

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0448] Detection Strategy for VDSO Hijacking on Linux

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0199] Detection Strategy for Virtual Machine Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0339] Detection Strategy for Weaken Encryption on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0494] Detection Strategy for Weaken Encryption: Disable Crypto Hardware on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0243] Detection Strategy for Weaken Encryption: Reduce Key Space on Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0058] Detection Strategy for Web Service: Dead Drop Resolver

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0536] Detection Strategy for Wi-Fi Networks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0254] Detection Strategy of Transmitted Data Manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0311] Detection for Spoofing Tool UI across OS Platforms

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:26:14.331Z	2026-05-12 16:30:18.391000+00:00

[DET0546] Detection of Abused or Compromised Cloud Accounts for Access and Persistence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0884] Detection of Acquire Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0895] Detection of Acquire Infrastructure

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0830] Detection of Active Scanning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0034] Detection of Adversarial Process Discovery Behavior

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0223] Detection of Adversary Abuse of Software Deployment Tools

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0247] Detection of Adversary Use of Unused or Unsupported Cloud Regions (IaaS)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0414] Detection of AppleScript-Based Execution on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0097] Detection of Application Window Enumeration via API or Scripting

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0842] Detection of Artificial Intelligence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0918] Detection of Audio-Visual Content

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T14:58:03.627Z	2026-04-23 14:58:03.627000+00:00
modified	2026-04-24T20:23:36.872Z	2026-05-12 16:30:18.390000+00:00

[DET0554] Detection of Bluetooth-Based Data Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0883] Detection of Botnet

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0837] Detection of Botnet

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0855] Detection of Business Relationships

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0809] Detection of CDNs

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0513] Detection of Cached Domain Credential Dumping via Local Hash Cache Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0820] Detection of Client Configurations

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0846] Detection of Cloud Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0879] Detection of Cloud Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0291] Detection of Cloud Service Dashboard Usage via GUI-Based Cloud Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0805] Detection of Code Repositories

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0875] Detection of Code Signing Certificates

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0833] Detection of Code Signing Certificates

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0444] Detection of Command and Control Over Application Layer Protocols

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0876] Detection of Compromise Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0885] Detection of Compromise Infrastructure

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0363] Detection of Credential Dumping from LSASS Memory via Access and Dump Sequence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0139] Detection of Credential Harvesting via API Hooking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0480] Detection of Credential Harvesting via Web Portal Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0813] Detection of Credentials

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0843] Detection of DNS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0891] Detection of DNS Server

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0862] Detection of DNS Server

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0877] Detection of DNS/Passive DNS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0511] Detection of Data Access and Collection from Removable Media

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0146] Detection of Data Destruction Across Platforms via Mass Overwrite and Deletion Patterns

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0123] Detection of Data Exfiltration via Removable Media

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0014] Detection of Data Staging Prior to Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0465] Detection of Default Account Abuse Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0900] Detection of Defense Impairment

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-16T17:13:38.727Z	2026-04-16 17:13:38.727000+00:00
modified	2026-04-24T20:23:12.031Z	2026-05-12 16:30:18.390000+00:00

[DET0497] Detection of Defense Impairment through Disabled or Modified Tools across OS Platforms.

Current version: 1.1

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:24:31.994Z	2026-05-12 16:30:18.390000+00:00

[DET0806] Detection of Determine Physical Locations

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0853] Detection of Develop Capabilities

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0848] Detection of Digital Certificates

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0831] Detection of Digital Certificates

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0844] Detection of Digital Certificates

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0211] Detection of Direct VM Console Access via Cloud-Native Methods

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0426] Detection of Direct Volume Access for File System Evasion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0145] Detection of Disabled or Modified System Firewalls across OS Platforms.

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0847] Detection of Domain Properties

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0007] Detection of Domain Trust Discovery via API, Script, and CLI Enumeration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0270] Detection of Domain or Tenant Policy Modifications via AD and Identity Provider

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0892] Detection of Domains

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0863] Detection of Domains

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0825] Detection of Drive-by Target

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0835] Detection of Email Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0861] Detection of Email Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0814] Detection of Email Addresses

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0857] Detection of Employee Names

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0873] Detection of Establish Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0532] Detection of Event Log Clearing on Windows via Behavioral Chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0077] Detection of Exfiltration Over Alternate Network Interfaces

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0512] Detection of Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0149] Detection of Exfiltration Over Unencrypted Non-C2 Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0827] Detection of Exploits

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0894] Detection of Exploits

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0416] Detection of File Transfer Protocol-Based C2 (FTP, FTPS, SMB, TFTP)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0818] Detection of Firmware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0826] Detection of Gather Victim Host Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0841] Detection of Gather Victim Identity Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0869] Detection of Gather Victim Network Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0890] Detection of Gather Victim Org Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0916] Detection of Generate Content

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T14:53:10.855Z	2026-04-23 14:53:10.855000+00:00
modified	2026-04-24T20:23:47.970Z	2026-05-12 16:30:18.390000+00:00

[DET0305] Detection of Group Policy Modifications via AD Object Changes and File Activity

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0887] Detection of Hardware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0815] Detection of IP Addresses

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0849] Detection of Identify Business Tempo

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0807] Detection of Identify Roles

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0840] Detection of Install Digital Certificate

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0377] Detection of Kernel/User-Level Rootkit Behavior Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0437] Detection of LSA Secrets Dumping via Registry and Memory Extraction

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0434] Detection of Launch Agent Creation or Modification on macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0041] Detection of Lifecycle Policy Modifications for Triggered Deletion in IaaS Cloud Storage

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0893] Detection of Link Target

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0407] Detection of Local Account Abuse for Initial Access and Persistence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0013] Detection of Local Browser Artifact Access for Reconnaissance

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0380] Detection of Local Data Collection Prior to Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0261] Detection of Local Data Staging Prior to Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0135] Detection of Mail Protocol-Based C2 Activity (SMTP, IMAP, POP3)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0138] Detection of Malicious Code Execution via InstallUtil.exe

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0194] Detection of Malicious Control Panel Item Execution via control.exe or Rundll32

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0206] Detection of Malicious Kubernetes CronJob Scheduling

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0328] Detection of Malicious Profile Installation via CMSTP.exe

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0092] Detection of Malicious or Unauthorized Software Extensions

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0836] Detection of Malvertising

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0845] Detection of Malware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0872] Detection of Malware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0439] Detection of Malware Relocation via Suspicious File Movement

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0117] Detection of Masqueraded Tasks or Services with Suspicious Naming and Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0158] Detection of Msiexec Abuse for Local, Network, and DLL Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0215] Detection of Multi-Platform File Encryption for Impact

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0132] Detection of Mutex-Based Execution Guardrails Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0586] Detection of NTDS.dit Credential Dumping from Domain Controllers

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0859] Detection of Network Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0889] Detection of Network Security Appliances

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0819] Detection of Network Topology

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0828] Detection of Network Trust Dependencies

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0457] Detection of Non-Application Layer Protocols for C2

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0850] Detection of Obtain Capabilities

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0040] Detection of Persistence Artifact Removal Across Host Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0823] Detection of Phishing for Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0081] Detection of Proxy Execution via Trusted Signed Binaries Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0445] Detection of Proxy Infrastructure Setup and Traffic Bridging

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0880] Detection of Purchase Technical Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0919] Detection of Query Public AI Services

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T14:59:37.388Z	2026-04-23 14:59:37.388000+00:00
modified	2026-04-24T20:23:56.287Z	2026-05-12 16:30:18.391000+00:00

[DET0209] Detection of Registry Query for Environmental Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0071] Detection of Remote Data Staging Prior to Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0079] Detection of Remote Service Session Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0588] Detection of Remote Service Session Hijacking for RDP.

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:26:25.154Z	2026-05-12 16:30:18.390000+00:00

[DET0881] Detection of SEO Poisoning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0858] Detection of Scan Databases

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0817] Detection of Scanning IP Blocks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0466] Detection of Script-Based Proxy Execution via Signed Microsoft Utilities

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0822] Detection of Search Closed Sources

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0811] Detection of Search Engines

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0860] Detection of Search Open Technical Databases

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0856] Detection of Search Open Websites/Domains

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0866] Detection of Search Threat Vendor Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0810] Detection of Search Victim-Owned Websites

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0897] Detection of Selective Exclusion

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-23T17:50:38.555Z	2025-10-23 17:50:38.555000+00:00
modified	2025-11-12T22:03:39.105Z	2026-05-12 16:34:50.682000+00:00

[DET0871] Detection of Server

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0874] Detection of Server

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0864] Detection of Serverless

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0829] Detection of Serverless

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0812] Detection of Social Media

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0851] Detection of Social Media Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0870] Detection of Social Media Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0888] Detection of Software

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0865] Detection of Spearphishing Attachment

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0878] Detection of Spearphishing Link

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0821] Detection of Spearphishing Service

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0886] Detection of Spearphishing Voice

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0898] Detection of Spoofed User-Agent

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-23T17:54:46.514Z	2025-10-23 17:54:46.514000+00:00
modified	2025-11-12T22:03:39.105Z	2026-05-12 16:34:50.688000+00:00

[DET0839] Detection of Stage Capabilities

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0342] Detection of Suspicious Compiled HTML File Execution via hh.exe

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0441] Detection of Suspicious Scheduled Task Creation and Execution on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0320] Detection of System Network Connections Discovery Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0571] Detection of System Process Creation or Modification Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0483] Detection of System Service Discovery Commands Across OS Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0253] Detection of Systemd Service Creation or Modification on Linux

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0471] Detection of Tainted Content Written to Shared Storage

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0816] Detection of Threat Intel Vendors

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0852] Detection of Tool

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0458] Detection of Trust Relationship Modifications in Domain or Tenant Policies

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0220] Detection of USB-Based Data Exfiltration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0594] Detection of Unauthorized DCSync Operations via Replication API Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0306] Detection of Unauthorized Network Firewall Rule Modification

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2026-04-24T20:26:54.885Z	2026-05-12 16:30:18.390000+00:00

[DET0824] Detection of Upload Malware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0834] Detection of Upload Tool

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0560] Detection of Valid Account Abuse Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0854] Detection of Virtual Private Server

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.693000+00:00

[DET0838] Detection of Virtual Private Server

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0808] Detection of Vulnerabilities

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0867] Detection of Vulnerability Scanning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0832] Detection of WHOIS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0027] Detection of Web Protocol-Based C2 Over HTTP, HTTPS, or WebSockets

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0882] Detection of Web Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0896] Detection of Web Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0509] Detection of Web Session Cookie Theft via File, Memory, and Network Artifacts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0552] Detection of Windows Service Creation or Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0868] Detection of Wordlist Scanning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0917] Detection of Written Content

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T14:56:39.987Z	2026-04-23 14:56:39.987000+00:00
modified	2026-04-24T20:24:06.496Z	2026-05-12 16:30:18.390000+00:00

[DET0055] Detection strategy for Group Policy Discovery on Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0343] Direct Network Flood Detection across IaaS, Linux, Windows, and macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0487] Distributed Password Spraying via Authentication Failures Across Multiple Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0129] Domain Account Enumeration Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0196] Domain Fronting Behavior via Mismatched TLS SNI and HTTP Host Headers

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0176] Drive-by Compromise — Behavior-based, Multi-platform Detection Strategy (T1189)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0476] Email Collection via Local Email Access and Auto-Forwarding Behavior

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0576] Email Forwarding Rule Abuse Detection Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0087] Encrypted or Encoded File Payload Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0356] Endpoint DoS via OS Exhaustion Flood Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0208] Endpoint Resource Saturation and Crash Pattern Detection Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0229] Enumeration of Global Address Lists via Email Account Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0587] Enumeration of User or Account Information Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0474] Environmental Keying Discovery-to-Decryption Behavioral Chain Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0080] Exploit Public-Facing Application – multi-signal correlation (request → error → post-exploit process/egress)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0287] Exploitation for Client Execution – cross-platform behavior chain (browser/Office/3rd-party apps)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0118] Exploitation of Remote Services – multi-platform lateral movement detection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0325] External Proxy Behavior via Outbound Relay to Intermediate Infrastructure

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0167] Firmware Modification via Flash Tool or Corrupted Firmware Upload

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0368] Hardware Supply Chain Compromise Detection via Host Status & Boot Integrity Checks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0133] IDE Tunneling Detection via Process, File, and Network Behaviors

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0200] Indirect Command Execution – Windows utility abuse behavior chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0075] Internal Proxy Behavior via Lateral Host-to-Host C2 Relay

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0054] Internal Spearphishing via Trusted Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0082] Internal Website and System Content Defacement via UI or Messaging Modifications

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0031] Invalid Code Signature Execution Detection via Metadata and Behavioral Context

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0390] Linux Detection Strategy for T1547.013 - XDG Autostart Entries

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0258] Linux Python Startup Hook Persistence via .pth and Customize Files (T1546.018)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0303] Local Account Enumeration Across Host Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0188] Local Storage Discovery via Drive Enumeration and Filesystem Probing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0292] Masquerading via Space After Filename - Behavioral Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.670000+00:00

[DET0285] Multi-Event Behavioral Detection for DCOM-Based Remote Code Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0530] Multi-Event Detection for SMB Admin Share Lateral Movement

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0540] Multi-Platform Behavioral Detection for Compute Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0484] Multi-Platform Cloud Storage Exfiltration Behavior Chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0372] Multi-Platform Detection Strategy for T1678 - Delay Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0562] Multi-Platform Execution Guardrails Environmental Validation Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0299] Multi-Platform File and Directory Permissions Modification Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0559] Multi-Platform Shutdown or Reboot Detection via Execution and Host Status Events

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0392] Multi-Platform Software Discovery Behavior Chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0327] Multi-event Detection Strategy for RDP-Based Remote Logins and Post-Access Activity

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0359] Multi-hop Proxy Behavior via Relay Node Chaining, Onion Routing, and Network Tunneling

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0023] Obfuscated Binary Unpacking Detection via Behavioral Patterns

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0551] Password Guessing via Multi-Source Authentication Failure Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0161] Password Policy Discovery – cross-platform behavior-chain analytics

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0491] Peripheral Device Enumeration via System Utilities and API Calls

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0302] Port-knock → rule/daemon change → first successful connect (T1205.001)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0105] Post-Credential Dump Password Cracking Detection via Suspicious File Access and Hash Analysis Tools

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0358] Programmatic and Excessive Access to Confluence Documentation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0370] Recursive Enumeration of Files and Directories Across Privilege Contexts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0542] Registry and LSASS Monitoring for Security Support Provider Abuse

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0259] Remote Desktop Software Execution and Beaconing Detection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0301] Removable Media Execution Chain Detection via File and Process Activity

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0005] Renamed Legitimate Utility Execution with Metadata Mismatch and Suspicious Path

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0267] Resource Hijacking Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0527] Right-to-Left Override Masquerading Detection via Filename and Execution Context

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0016] Security Software Discovery Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0110] Setuid/Setgid Privilege Abuse Detection (Linux/macOS)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0162] Socket-filter trigger → on-host raw-socket activity → reverse connection (T1205.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0009] Supply-chain tamper in dependencies/dev-tools (manager→write/install→first-run→egress)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0310] Suspicious Addition to Local or Domain Groups

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0242] Suspicious Database Access and Dump Activity Across Environments (T1213.006)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0036] Suspicious Device Registration via Entra ID or MFA Platform

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0572] Suspicious RoleBinding or ClusterRoleBinding Assignment in Kubernetes

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0425] Suspicious Use of Web Services for C2

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0525] System Discovery via Native and Remote Utilities

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0447] T1136.001 Detection Strategy - Local Account Creation Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0003] T1136.002 Detection Strategy - Domain Account Creation Across Platforms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0534] TCC Database Manipulation via Launchctl and Unprotected SIP

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0566] Template Injection Detection - Windows

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0524] Traffic Signaling (Port-knock / magic-packet → firewall or service activation) – T1205

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0351] Unix-like File Permission Manipulation Behavioral Chain Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0340] User Execution – Malicious Copy & Paste (browser/email → shell with obfuscated one-liner) – T1204.004

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0294] User Execution – Malicious File via download/open → spawn chain (T1204.002)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0248] User Execution – Malicious Image (containers & IaaS) – pull/run → start → anomalous behavior (T1204.003)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0066] User Execution – Malicious Link (click → suspicious egress → download/write → follow-on activity)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0478] User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0252] User-Initiated Malicious Library Installation via Package Manager (T1204.005)

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0168] Virtualization/Sandbox Evasion via System Checks across Windows, Linux, macOS

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0394] Web Shell Detection via Server Behavior and File Execution Chains

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0481] Windows COM Hijacking Detection via Registry and DLL Load Correlation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0418] Windows DACL Manipulation Behavioral Chain Detection Strategy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0026] Windows Detection Strategy for T1547.012 - Print Processor DLL Persistence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0395] macOS AuthorizationExecuteWithPrivileges Elevation Prompt Detection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

mobile-attack

Patches

[DET0697] Detection of Abuse Accessibility Features

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0642] Detection of Abuse Elevation Control Mechanism

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0611] Detection of Access Notifications

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0605] Detection of Account Access Removal

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0635] Detection of Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0623] Detection of Adversary-in-the-Middle

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0685] Detection of Application Layer Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0652] Detection of Application Versioning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0670] Detection of Archive Collected Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0667] Detection of Asymmetric Cryptography

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0673] Detection of Audio Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0700] Detection of Bidirectional Communication

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0654] Detection of Boot or Logon Initialization Scripts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0711] Detection of Broadcast Receivers

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0674] Detection of Calendar Entries

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0703] Detection of Call Control

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0602] Detection of Call Log

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0643] Detection of Clipboard Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0619] Detection of Code Signing Policy Modification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0655] Detection of Command and Scripting Interpreter

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0649] Detection of Compromise Application Executable

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0712] Detection of Compromise Client Software Binary

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0604] Detection of Compromise Hardware Supply Chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0704] Detection of Compromise Software Dependencies and Development Tools

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0721] Detection of Compromise Software Supply Chain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0659] Detection of Conceal Multimedia Files

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0679] Detection of Contact List

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0633] Detection of Credentials from Password Store

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0671] Detection of Data Destruction

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0678] Detection of Data Encrypted for Impact

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0660] Detection of Data Manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0713] Detection of Data from Local System

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0617] Detection of Dead Drop Resolver

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0630] Detection of Device Administrator Permissions

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0603] Detection of Device Lockout

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0693] Detection of Disable or Modify Tools

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0710] Detection of Disguise Root/Jailbreak Indicators

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0669] Detection of Domain Generation Algorithms

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0618] Detection of Download New Code at Runtime

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0614] Detection of Drive-By Compromise

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0613] Detection of Dynamic Resolution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0641] Detection of Encrypted Channel

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0627] Detection of Endpoint Denial of Service

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

[DET0647] Detection of Event Triggered Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0653] Detection of Execution Guardrails

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0698] Detection of Exfiltration Over Alternative Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0615] Detection of Exfiltration Over C2 Channel

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0701] Detection of Exfiltration Over Unencrypted Non-C2 Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0629] Detection of Exploitation for Client Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0666] Detection of Exploitation for Initial Access

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0665] Detection of Exploitation for Privilege Escalation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0663] Detection of Exploitation of Remote Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0638] Detection of File Deletion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0682] Detection of File and Directory Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0637] Detection of Foreground Persistence

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0676] Detection of GUI Input Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0608] Detection of Generate Traffic from Victim

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0648] Detection of Geofencing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0640] Detection of Hide Artifacts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0694] Detection of Hijack Execution Flow

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0719] Detection of Hooking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0687] Detection of Impair Defenses

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0662] Detection of Impersonate SS7 Nodes

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0651] Detection of Indicator Removal on Host

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0718] Detection of Ingress Tool Transfer

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0705] Detection of Input Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0612] Detection of Input Injection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0708] Detection of Internet Connection Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0664] Detection of Keychain

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0661] Detection of Keylogging

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0716] Detection of Linked Devices

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0675] Detection of Location Tracking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0645] Detection of Lockscreen Bypass

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0715] Detection of Masquerading

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0609] Detection of Match Legitimate Name or Location

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0717] Detection of Native API

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0639] Detection of Network Denial of Service

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0696] Detection of Network Service Scanning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0706] Detection of Non-Standard Port

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0720] Detection of Obfuscated Files or Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0610] Detection of One-Way Communication

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0688] Detection of Out of Band Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0684] Detection of Phishing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0598] Detection of Prevent Application Removal

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0692] Detection of Process Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0632] Detection of Process Injection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0681] Detection of Protected User Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0631] Detection of Proxy Through Victim

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0622] Detection of Ptrace System Calls

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0624] Detection of Remote Access Software

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0702] Detection of Remote Device Management Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0691] Detection of Replication Through Removable Media

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0658] Detection of SIM Card Swap

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0599] Detection of SMS Control

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0686] Detection of SMS Messages

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0646] Detection of SSL Pinning

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0707] Detection of Scheduled Task/Job

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0668] Detection of Screen Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0680] Detection of Security Software Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0600] Detection of Software Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0644] Detection of Software Packing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0656] Detection of Steal Application Access Token

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0677] Detection of Steganography

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0621] Detection of Stored Application Data

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0657] Detection of Subvert Trust Controls

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0628] Detection of Supply Chain Compromise

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0714] Detection of Suppress Application Icon

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0650] Detection of Symmetric Cryptography

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0625] Detection of System Checks

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0601] Detection of System Information Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0634] Detection of System Network Configuration Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0636] Detection of System Network Connections Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0689] Detection of System Runtime API Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0683] Detection of Transmitted Data Manipulation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0626] Detection of URI Hijacking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0690] Detection of Uninstall Malicious Application

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0607] Detection of Unix Shell

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0699] Detection of User Evasion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0695] Detection of Video Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0606] Detection of Virtualization Solution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0616] Detection of Virtualization/Sandbox Evasion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0620] Detection of Web Protocols

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0672] Detection of Web Service

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0709] Detection of Wi-Fi Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

ics-attack

Patches

[DET0802] Detection of Activate Firmware Update Mode

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.680000+00:00

[DET0764] Detection of Adversary-in-the-Middle

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0728] Detection of Alarm Suppression

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0734] Detection of Automated Collection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0748] Detection of Autorun Image

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False
x_mitre_analytic_refs		['x-mitre-analytic--2b751a3d-c680-46c9-b92b-55a9d24bd4f9']

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:30:18.390000+00:00

[DET0784] Detection of Block Command Message

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.673000+00:00

[DET0910] Detection of Block Communications

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T21:48:05.256Z	2026-04-22 21:48:05.256000+00:00
modified	2026-04-24T20:27:42.639Z	2026-05-12 16:30:18.390000+00:00

[DET0911] Detection of Block Ethernet

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T22:42:31.791Z	2026-04-22 22:42:31.791000+00:00
modified	2026-04-24T20:27:51.377Z	2026-05-12 16:30:18.391000+00:00

[DET0903] Detection of Block Operational Technology Message

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T15:09:30.933Z	2026-04-22 15:09:30.933000+00:00
modified	2026-04-24T20:28:00.436Z	2026-05-12 16:30:18.390000+00:00

[DET0789] Detection of Block Reporting Message

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0797] Detection of Block Serial COM

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0912] Detection of Block Wi-Fi

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T22:56:48.997Z	2026-04-22 22:56:48.997000+00:00
modified	2026-04-24T20:28:13.555Z	2026-05-12 16:30:18.390000+00:00

[DET0908] Detection of Broadcast Discovery

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T20:32:50.322Z	2026-04-22 20:32:50.322000+00:00
modified	2026-04-24T20:29:42.421Z	2026-05-12 16:30:18.390000+00:00

[DET0737] Detection of Brute Force I/O

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0771] Detection of Change Credential

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0755] Detection of Change Operating Mode

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0760] Detection of Command-Line Interface

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0736] Detection of Commonly Used Port

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0759] Detection of Connection Proxy

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0762] Detection of Damage to Property

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0758] Detection of Data Destruction

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0754] Detection of Data from Information Repositories

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0749] Detection of Data from Local System

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0756] Detection of Default Credentials

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0786] Detection of Denial of Control

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0723] Detection of Denial of Service

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0769] Detection of Denial of View

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.669000+00:00

[DET0768] Detection of Detect Operating Mode

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0801] Detection of Device Restart/Shutdown

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.671000+00:00

[DET0782] Detection of Drive-by Compromise

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0742] Detection of Execution through API

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.697000+00:00

[DET0740] Detection of Exploit Public-Facing Application

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0795] Detection of Exploitation for Evasion

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0738] Detection of Exploitation for Privilege Escalation

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0767] Detection of Exploitation of Remote Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0803] Detection of External Remote Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0904] Detection of Firmware Modification

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T15:56:01.514Z	2026-04-22 15:56:01.514000+00:00
modified	2026-04-24T20:30:02.969Z	2026-05-12 16:30:18.390000+00:00

[DET0772] Detection of Graphical User Interface

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0798] Detection of Hardcoded Credentials

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.695000+00:00

[DET0722] Detection of Hooking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.686000+00:00

[DET0774] Detection of I/O Image

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0750] Detection of Indicator Removal on Host

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0905] Detection of Insecure Credentials

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T16:29:50.802Z	2026-04-22 16:29:50.802000+00:00
modified	2026-04-24T20:30:16.130Z	2026-05-12 16:30:18.391000+00:00

[DET0796] Detection of Internet Accessible Device

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0745] Detection of Lateral Tool Transfer

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0729] Detection of Loss of Availability

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0778] Detection of Loss of Control

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.674000+00:00

[DET0757] Detection of Loss of Productivity and Revenue

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0775] Detection of Loss of Protection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0779] Detection of Loss of Safety

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0763] Detection of Loss of View

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.687000+00:00

[DET0773] Detection of Manipulate I/O Image

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0747] Detection of Manipulation of Control

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0785] Detection of Manipulation of View

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0725] Detection of Masquerading

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0777] Detection of Modify Alarm Settings

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.683000+00:00

[DET0741] Detection of Modify Controller Tasking

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0776] Detection of Modify Parameter

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0783] Detection of Modify Program

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0790] Detection of Module Firmware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0727] Detection of Monitor Process State

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0909] Detection of Multicast Discovery

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T20:46:31.212Z	2026-04-22 20:46:31.212000+00:00
modified	2026-04-24T20:30:28.263Z	2026-05-12 16:30:18.390000+00:00

[DET0753] Detection of Native API

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0770] Detection of Network Connection Enumeration

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.676000+00:00

[DET0800] Detection of Network Sniffing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0915] Detection of Online Edit

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T00:43:15.974Z	2026-04-23 00:43:15.974000+00:00
modified	2026-04-24T20:30:40.347Z	2026-05-12 16:30:18.390000+00:00

[DET0788] Detection of Point & Tag Identification

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0907] Detection of Port Scan

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T18:52:19.941Z	2026-04-22 18:52:19.941000+00:00
modified	2026-04-24T20:30:52.373Z	2026-05-12 16:30:18.390000+00:00

[DET0914] Detection of Program Append

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T00:32:34.211Z	2026-04-23 00:32:34.211000+00:00
modified	2026-04-24T20:31:02.396Z	2026-05-12 16:30:18.391000+00:00

[DET0752] Detection of Program Download

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0913] Detection of Program Download All

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-23T00:09:43.016Z	2026-04-23 00:09:43.016000+00:00
modified	2026-04-24T20:31:14.045Z	2026-05-12 16:30:18.390000+00:00

[DET0761] Detection of Program Upload

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0766] Detection of Project File Infection

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0804] Detection of Remote Services

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0739] Detection of Remote System Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0787] Detection of Remote System Information Discovery

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.679000+00:00

[DET0733] Detection of Replication Through Removable Media

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.692000+00:00

[DET0792] Detection of Rogue Master

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.685000+00:00

[DET0780] Detection of Rootkit

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.667000+00:00

[DET0751] Detection of Screen Capture

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.675000+00:00

[DET0735] Detection of Scripting

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0765] Detection of Service Stop

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.688000+00:00

[DET0906] Detection of Siemens Project File Format Infection

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T17:55:10.734Z	2026-04-22 17:55:10.734000+00:00
modified	2026-04-24T20:31:24.570Z	2026-05-12 16:30:18.390000+00:00

[DET0781] Detection of Spearphishing Attachment

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.689000+00:00

[DET0746] Detection of Spoof Reporting Message

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.691000+00:00

[DET0799] Detection of Standard Application Layer Protocol

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.681000+00:00

[DET0730] Detection of Supply Chain Compromise

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.678000+00:00

[DET0793] Detection of System Binary Proxy Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.677000+00:00

[DET0731] Detection of System Firmware

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.668000+00:00

[DET0732] Detection of Theft of Operational Information

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.672000+00:00

[DET0744] Detection of Transient Cyber Asset

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.684000+00:00

[DET0794] Detection of Unauthorized Command Message

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.694000+00:00

[DET0902] Detection of Unauthorized Message

Current version: 1.0

Details

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2026-04-22T14:32:49.664Z	2026-04-22 14:32:49.664000+00:00
modified	2026-04-24T20:31:37.796Z	2026-05-12 16:30:18.391000+00:00

[DET0791] Detection of User Execution

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.696000+00:00

[DET0724] Detection of Valid Accounts

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.698000+00:00

[DET0726] Detection of Wireless Compromise

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.682000+00:00

[DET0743] Detection of Wireless Sniffing

Current version: 1.0

Details

dictionary_item_added
STIX Field	Old value	New Value
revoked		False

dictionary_item_removed
STIX Field	Old value	New Value
spec_version	2.1

values_changed
STIX Field	Old value	New Value
created	2025-10-21T15:10:28.402Z	2025-10-21 15:10:28.402000+00:00
modified	2025-10-21T15:10:28.402Z	2026-05-12 16:34:50.690000+00:00

Analytics

enterprise-attack

Patches

[AN0551] Analytic 0551

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 23:17:37.896000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1370] Analytic 1370

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:02.253000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1371] Analytic 1371

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:32:42.659000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1372] Analytic 1372

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:31:55.528000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1373] Analytic 1373

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:43.898000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1374] Analytic 1374

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:32.261000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1452] Analytic 1452

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:32:32.447000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1612] Analytic 1612

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:22:07.647000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1614] Analytic 1614

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:24:28.695000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1615] Analytic 1615

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:30:14.543000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1616] Analytic 1616

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:29:39.660000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1617] Analytic 1617

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 22:28:56.147000+00:00	2026-05-12 16:30:18.382000+00:00

[AN2033] Analytic 2033

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:42.205000+00:00	2026-05-12 16:30:18.383000+00:00

[AN2034] Analytic 2034

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:35.460000+00:00	2026-05-12 16:30:18.383000+00:00

[AN2035] Analytic 2035

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:32:37.936000+00:00	2026-05-12 16:30:18.380000+00:00

[AN2036] Analytic 2036

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:48.643000+00:00	2026-05-12 16:30:18.384000+00:00

[AN2037] Analytic 2037

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:31:48.301000+00:00	2026-05-12 16:30:18.378000+00:00

[AN2038] Analytic 2038

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:32:20.041000+00:00	2026-05-12 16:30:18.379000+00:00

[AN2039] Analytic 2039

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:08.936000+00:00	2026-05-12 16:30:18.382000+00:00

[AN2040] Analytic 2040

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:32:41.903000+00:00	2026-05-12 16:30:18.381000+00:00

[AN2041] Analytic 2041

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:31:38.954000+00:00	2026-05-12 16:30:18.377000+00:00

[AN2042] Analytic 2042

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:44.123000+00:00	2026-05-12 16:30:18.384000+00:00

[AN2043] Analytic 2043

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:32:08.148000+00:00	2026-05-12 16:30:18.378000+00:00

[AN2044] Analytic 2044

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:31:16.812000+00:00	2026-05-12 16:30:18.376000+00:00

[AN2059] Analytic 2059

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 21:02:59.794000+00:00	2026-05-12 16:30:18.376000+00:00

[AN2060] Analytic 2060

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 21:03:04.099000+00:00	2026-05-12 16:30:18.376000+00:00

[AN2061] Analytic 2061

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 21:02:57.004000+00:00	2026-05-12 16:30:18.376000+00:00

[AN2062] Analytic 2062

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 21:02:46.916000+00:00	2026-05-12 16:30:18.376000+00:00

mobile-attack

Patches

[AN1644] Analytic 1644

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:18.846000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1645] Analytic 1645

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 16:57:33.679000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1646] Analytic 1646

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 20:03:14.269000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1647] Analytic 1647

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 20:27:08.190000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1648] Analytic 1648

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 17:40:11.076000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1649] Analytic 1649

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 17:42:33.331000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1650] Analytic 1650

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-23 17:35:57.553000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1652] Analytic 1652

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:31.921000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1653] Analytic 1653

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-16 21:48:51.316000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1654] Analytic 1654

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-16 22:10:25.735000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1657] Analytic 1657

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 20:47:35.790000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1658] Analytic 1658

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 20:52:16.713000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1663] Analytic 1663

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-19 15:15:16.075000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1664] Analytic 1664

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-19 15:26:39.271000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1665] Analytic 1665

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-01 14:50:46.895000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1666] Analytic 1666

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-30 16:54:01.193000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1669] Analytic 1669

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-09 17:32:52.483000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1670] Analytic 1670

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-09 17:36:14.306000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1675] Analytic 1675

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-17 20:48:31.295000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1676] Analytic 1676

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-17 20:56:49.928000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1677] Analytic 1677

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:21:52.654000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1678] Analytic 1678

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:39:29.213000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1681] Analytic 1681

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-02 20:39:33.682000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1682] Analytic 1682

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-02 20:40:39.182000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1683] Analytic 1683

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:51:41.189000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1684] Analytic 1684

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 18:00:59.178000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1693] Analytic 1693

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-02 20:08:42.566000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1694] Analytic 1694

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-02 20:11:59.312000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1697] Analytic 1697

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-12 17:37:17.976000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1698] Analytic 1698

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 23:37:57.341000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1701] Analytic 1701

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 18:17:45.586000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1702] Analytic 1702

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:33:41.747000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1706] Analytic 1706

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-18 19:59:27.650000+00:00	2026-05-12 16:30:18.384000+00:00

[AN1708] Analytic 1708

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-23 23:00:36.132000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1710] Analytic 1710

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-18 19:46:01.796000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1711] Analytic 1711

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 20:14:18.733000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1712] Analytic 1712

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:39.616000+00:00	2026-05-12 16:30:18.384000+00:00

[AN1713] Analytic 1713

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-11 16:29:42.519000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1714] Analytic 1714

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-12 17:09:47.656000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1715] Analytic 1715

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 19:26:01.974000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1716] Analytic 1716

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-01 15:33:34.145000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1717] Analytic 1717

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-01 15:39:38.487000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1718] Analytic 1718

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 18:10:00.568000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1719] Analytic 1719

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 18:06:40.461000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1720] Analytic 1720

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 18:13:22.436000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1721] Analytic 1721

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:01:36.709000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1722] Analytic 1722

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-28 17:28:26.921000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1723] Analytic 1723

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-11 16:02:58.868000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1724] Analytic 1724

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-11 16:09:37.177000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1725] Analytic 1725

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-06 16:02:58.850000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1726] Analytic 1726

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 16:26:13.027000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1727] Analytic 1727

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 21:01:31.075000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1728] Analytic 1728

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 19:15:22.491000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1729] Analytic 1729

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 19:20:39.637000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1730] Analytic 1730

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 16:22:36.406000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1731] Analytic 1731

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-01 16:01:38.627000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1732] Analytic 1732

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-01 16:04:16.642000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1733] Analytic 1733

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:22.993000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1734] Analytic 1734

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:21.803000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1737] Analytic 1737

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 18:45:30.914000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1738] Analytic 1738

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 18:49:55.440000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1739] Analytic 1739

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-12-02 15:38:03.766000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1740] Analytic 1740

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-12-04 17:05:14.687000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1741] Analytic 1741

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 20:26:15.372000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1742] Analytic 1742

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 20:37:17.277000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1743] Analytic 1743

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-02 17:41:17.052000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1747] Analytic 1747

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-06 15:07:15.622000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1748] Analytic 1748

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-06 18:43:26.902000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1751] Analytic 1751

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 18:53:00.289000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1752] Analytic 1752

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 19:12:28.428000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1753] Analytic 1753

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-24 17:54:57.531000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1754] Analytic 1754

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-24 17:56:26.375000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1755] Analytic 1755

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 17:50:48.706000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1756] Analytic 1756

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 17:58:13.523000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1758] Analytic 1758

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2025-12-04 17:12:06.342000+00:00	2026-05-12 16:30:18.384000+00:00

[AN1759] Analytic 1759

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-16 15:51:26.313000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1762] Analytic 1762

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-06 15:51:25.896000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1763] Analytic 1763

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-06 15:53:14.197000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1764] Analytic 1764

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-24 17:47:35.979000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1767] Analytic 1767

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 16:39:38.897000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1768] Analytic 1768

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 18:29:03.808000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1770] Analytic 1770

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-17 19:52:38.107000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1771] Analytic 1771

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-17 20:24:52.509000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1772] Analytic 1772

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-04 23:26:47.489000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1773] Analytic 1773

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-04 23:33:56.647000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1774] Analytic 1774

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-23 17:29:42.280000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1776] Analytic 1776

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-04 23:46:03.218000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1777] Analytic 1777

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-04 23:47:29.735000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1778] Analytic 1778

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 19:36:34.664000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1779] Analytic 1779

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 19:53:20.408000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1780] Analytic 1780

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-22 19:50:50.601000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1781] Analytic 1781

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-12 17:25:00.733000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1782] Analytic 1782

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-23 20:22:40.361000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1784] Analytic 1784

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-02 16:07:33.370000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1785] Analytic 1785

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-02 16:21:09.206000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1788] Analytic 1788

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-18 18:06:39.579000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1789] Analytic 1789

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-18 19:33:15.080000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1793] Analytic 1793

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-04 23:55:34.960000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1794] Analytic 1794

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-04 23:56:19.093000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1795] Analytic 1795

Current version: 2.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-23 22:55:59.738000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1797] Analytic 1797

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:37.215000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1800] Analytic 1800

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 18:04:23.913000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1801] Analytic 1801

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:17.842000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1802] Analytic 1802

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-10 15:33:30.111000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1803] Analytic 1803

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-10 23:16:21.386000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1804] Analytic 1804

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 16:59:44.335000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1805] Analytic 1805

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-23 17:10:37.953000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1806] Analytic 1806

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:26.476000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1807] Analytic 1807

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-13 15:50:52.912000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1808] Analytic 1808

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-19 20:20:49.044000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1809] Analytic 1809

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-23 20:54:34.747000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1812] Analytic 1812

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-06 19:21:56.951000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1815] Analytic 1815

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:28.435000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1816] Analytic 1816

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-18 16:14:55.614000+00:00	2026-05-12 16:30:18.376000+00:00

[AN1817] Analytic 1817

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-18 16:25:11.215000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1820] Analytic 1820

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-24 17:35:08.607000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1821] Analytic 1821

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-02-24 17:34:54.559000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1822] Analytic 1822

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:53:31.236000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1823] Analytic 1823

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-13 23:48:31.416000+00:00	2026-05-12 16:30:18.384000+00:00

[AN1824] Analytic 1824

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-16 15:56:09.700000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1825] Analytic 1825

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 18:28:31.071000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1826] Analytic 1826

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 18:41:55.176000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1827] Analytic 1827

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-19 17:21:51.812000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1828] Analytic 1828

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-19 19:41:30.977000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1829] Analytic 1829

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:06:45.192000+00:00	2026-05-12 16:30:18.375000+00:00

[AN1830] Analytic 1830

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 17:09:39.997000+00:00	2026-05-12 16:30:18.383000+00:00

[AN1837] Analytic 1837

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 21:18:39.945000+00:00	2026-05-12 16:30:18.384000+00:00

[AN1840] Analytic 1840

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 20:08:28.641000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1841] Analytic 1841

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-08 20:07:42.093000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1842] Analytic 1842

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:30:29.495000+00:00	2026-05-12 16:30:18.380000+00:00

[AN1847] Analytic 1847

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 16:13:11.156000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1848] Analytic 1848

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 15:57:30.214000+00:00	2026-05-12 16:30:18.379000+00:00

[AN1849] Analytic 1849

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 16:02:15.040000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1850] Analytic 1850

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-09 19:56:13.060000+00:00	2026-05-12 16:30:18.382000+00:00

[AN1851] Analytic 1851

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-16 16:27:24.678000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1852] Analytic 1852

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-01-29 17:05:14.514000+00:00	2026-05-12 16:30:18.378000+00:00

[AN1853] Analytic 1853

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-17 15:44:07.335000+00:00	2026-05-12 16:30:18.381000+00:00

[AN1854] Analytic 1854

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-03-17 17:55:46.302000+00:00	2026-05-12 16:30:18.382000+00:00

ics-attack

New Analytics

[AN2066] Analytic 2066

Current version: 1.0

Description:

Monitor for newly constructed drive letters or mount points to removable media. Monitor for newly executed processes that execute from removable media after it is mounted or when initiated by a user.

Patches

[AN1864] Analytic 1864

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:55.812000+00:00	2026-05-12 16:30:18.377000+00:00

[AN1922] Analytic 1922

Current version: 1.1

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:58.916000+00:00	2026-05-12 16:30:18.379000+00:00

[AN2045] Analytic 2045

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:56.808000+00:00	2026-05-12 16:30:18.378000+00:00

[AN2046] Analytic 2046

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:34:00.942000+00:00	2026-05-12 16:30:18.382000+00:00

[AN2047] Analytic 2047

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:34:04.333000+00:00	2026-05-12 16:30:18.384000+00:00

[AN2048] Analytic 2048

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:52.442000+00:00	2026-05-12 16:30:18.375000+00:00

[AN2049] Analytic 2049

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:57.629000+00:00	2026-05-12 16:30:18.378000+00:00

[AN2050] Analytic 2050

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:56.263000+00:00	2026-05-12 16:30:18.377000+00:00

[AN2051] Analytic 2051

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:34:03.863000+00:00	2026-05-12 16:30:18.384000+00:00

[AN2052] Analytic 2052

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:57.256000+00:00	2026-05-12 16:30:18.378000+00:00

[AN2053] Analytic 2053

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:55.408000+00:00	2026-05-12 16:30:18.377000+00:00

[AN2054] Analytic 2054

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:34:02.593000+00:00	2026-05-12 16:30:18.383000+00:00

[AN2055] Analytic 2055

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:52.139000+00:00	2026-05-12 16:30:18.375000+00:00

[AN2056] Analytic 2056

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:34:02.964000+00:00	2026-05-12 16:30:18.383000+00:00

[AN2057] Analytic 2057

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:55.025000+00:00	2026-05-12 16:30:18.376000+00:00

[AN2058] Analytic 2058

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2026-04-24 20:33:53.216000+00:00	2026-05-12 16:30:18.376000+00:00