Fix MITRE ATT&CK mappings per CodeRabbit review

- Replace generic T1190/T1059/T1078 with context-specific techniques
- Persistence: T1547, T1053, T1543, T1574
- Credentials: T1003, T1558, T1550
- Phishing: T1566, T1204, T1534
- Ransomware: T1486, T1490, T1489
- Cloud: T1078, T1537, T1580, T1098
- Remove mappings from out-of-scope subdomains (ot-ics, malware-analysis, digital-forensics)
This commit is contained in:
MAGI
2026-03-17 17:12:05 -06:00
committed by Julio César Suástegui
parent 5e62a7ea2c
commit 42258456e8
32 changed files with 31 additions and 36 deletions
@@ -4,7 +4,7 @@ description: Analyze memory dumps using Volatility3 plugins to detect injected c
domain: cybersecurity
subdomain: malware-analysis
tags: [memory-forensics, volatility3, malware-analysis, incident-response, process-injection, rootkit-detection, dfir]
mitre_attack: ["T1003", "T1055", "T1620", "T1574"]
mitre_attack: ["T1003", "T1055", "T1620"]
version: "1.0"
author: mahipal
license: Apache-2.0