| DET0028 | Detect Excessive or Unauthorized Bandwidth Usage for Botnet, Proxyjacking, or Scanning Purposes | T1496.002 |
| DET0247 | Detection of Adversary Use of Unused or Unsupported Cloud Regions (IaaS) | T1535 |
| DET0308 | Detection Strategy for Modify Cloud Compute Infrastructure | T1578 |
| DET0449 | Detection Strategy for Modify Cloud Compute Infrastructure: Create Cloud Instance | T1578.002 |
| DET0337 | Detection Strategy for Modify Cloud Compute Infrastructure: Revert Cloud Instance | T1578.004 |
| DET0334 | Detection Strategy for T1525 – Implant Internal Image | T1525 |
| DET0208 | Endpoint Resource Saturation and Crash Pattern Detection Across Platforms | T1499 |
| DET0540 | Multi-Platform Behavioral Detection for Compute Hijacking | T1496.001 |
| DET0267 | Resource Hijacking Detection Strategy | T1496 |
| DET0248 | User Execution – Malicious Image (containers & IaaS) – pull/run → start → anomalous behavior (T1204.003) | T1204.003 |
| DET0478 | User Execution – multi-surface behavior chain (documents/links → helper/unpacker → LOLBIN/child → egress) | T1204 |