Fix MITRE ATT&CK mappings per CodeRabbit review

- Replace generic T1190/T1059/T1078 with context-specific techniques
- Persistence: T1547, T1053, T1543, T1574
- Credentials: T1003, T1558, T1550
- Phishing: T1566, T1204, T1534
- Ransomware: T1486, T1490, T1489
- Cloud: T1078, T1537, T1580, T1098
- Remove mappings from out-of-scope subdomains (ot-ics, malware-analysis, digital-forensics)
MAGI
2026-03-17 17:12:05 -06:00
committed by Julio César Suástegui
parent 5e62a7ea2c
commit 42258456e8
32 changed files with 31 additions and 36 deletions
@@ -4,7 +4,6 @@ description: Systematically deobfuscate multi-layer PowerShell malware using AST
domain: cybersecurity
subdomain: malware-analysis
tags: [powershell, deobfuscation, malware-analysis, scripting, obfuscation, ast-analysis, incident-response]
mitre_attack: ["T1190", "T1059", "T1078"]
version: "1.0"
author: mahipal
license: Apache-2.0
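Review bot: The `mitre_attack` key is dropped from this front matter outright (the one line the `-4,7 +4,6` header accounts for) rather than replaced or left as an empty list, so anything that reads these files now has to handle the key being absent for `subdomain: malware-analysis`. Please confirm the schema or loader treats `mitre_attack` as optional, or keep it as `mitre_attack: []` so every skill file has the same shape. It would also help to record the out-of-scope rule from the commit message next to the schema, since the `tags` line here still lists `powershell` and `obfuscation` and a later contributor may re-add a mapping. `version: "1.0"` is unchanged even though the metadata changed; bump it if consumers key on that field.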