{"id":21316163,"url":"https://github.com/rajeevranjancom/mitre-based-usecases","last_synced_at":"2026-01-02T08:16:29.288Z","repository":{"id":244446465,"uuid":"810696334","full_name":"rajeevranjancom/Mitre-Based-Usecases","owner":"rajeevranjancom","description":"This repository is established as part of my personal projects and cybersecurity research endeavors.","archived":false,"fork":false,"pushed_at":"2024-06-05T21:29:12.000Z","size":312,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-22T10:36:40.700Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rajeevranjancom.png","metadata":{"files":{"readme":"README.md","changelog":"Change of Default File Association Detected","contributing":null,"funding":null,"license":"Copying Sensitive Files with Credential Data","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-05T07:35:28.000Z","updated_at":"2024-06-17T18:56:10.000Z","dependencies_parsed_at":"2024-06-17T21:52:43.103Z","dependency_job_id":null,"html_url":"https://github.com/rajeevranjancom/Mitre-Based-Usecases","commit_stats":null,"previous_names":["rajeevranjancom/mitre-based-usecases"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajeevranjancom%2FMitre-Based-Usecases","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajeevranjancom%2FMitre-Based-Usecases/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajeevranjancom%2FMitre-Based-Usecases/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rajeevranjancom%2FMitre-Based-Usecases/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rajeevranjancom","download_url":"https://codeload.github.com/rajeevranjancom/Mitre-Based-Usecases/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243791884,"owners_count":20348534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-21T18:30:17.490Z","updated_at":"2026-01-02T08:16:29.235Z","avatar_url":"https://github.com/rajeevranjancom.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Mitre-Based-Usecases\nThis repository is established as part of my personal projects and cybersecurity research endeavors.\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/02e1219d-08b8-4c03-a4b6-77ec011078fa)\n\n# Working of use-cases:\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/dee8e7b8-5aeb-4c02-b2b9-3e0973a8e7bb)\n\nAlerts in cybersecurity serve as notifications or warnings about potential security incidents or vulnerabilities within a network or system. They play a critical role in helping security teams quickly identify, investigate, and respond to threats, thus maintaining the integrity, confidentiality, and availability of information.\n\n### Use Cases of Alerts in Cybersecurity:\n\n1. **Intrusion Detection:**\n   - **Use Case:** Alerts notify security teams of unauthorized access attempts or suspicious activities.\n   - **Example:** An alert triggers when an unknown IP address attempts multiple failed logins on a server.\n\n2. **Malware Detection:**\n   - **Use Case:** Alerts indicate the presence of malicious software such as viruses, ransomware, or spyware.\n   - **Example:** An alert is generated when a file matching the signature of known malware is downloaded or executed.\n\n3. **Phishing Attacks:**\n   - **Use Case:** Alerts inform users and administrators about potential phishing emails or websites.\n   - **Example:** An alert is sent when an email with suspicious links or attachments is detected.\n\n4. **Data Exfiltration:**\n   - **Use Case:** Alerts detect unusual data transfer activities that may indicate data theft.\n   - **Example:** An alert occurs when a large amount of sensitive data is transferred outside the network during off-hours.\n\n5. **Vulnerability Management:**\n   - **Use Case:** Alerts notify about newly discovered vulnerabilities and necessary patches.\n   - **Example:** An alert is issued when a critical security patch is available for a widely-used software application.\n\n6. **Configuration Changes:**\n   - **Use Case:** Alerts detect unauthorized or unexpected changes in system configurations.\n   - **Example:** An alert triggers when firewall rules are altered without proper authorization.\n\n7. **Behavioral Anomalies:**\n   - **Use Case:** Alerts identify deviations from normal user or system behavior that could indicate a compromise.\n   - **Example:** An alert is generated when a user accesses resources they typically do not access.\n\n8. **Compliance Monitoring:**\n   - **Use Case:** Alerts help ensure that systems comply with regulatory and policy requirements.\n   - **Example:** An alert notifies when a system configuration deviates from compliance standards like GDPR or HIPAA.\n\n### Working of Alerts in Cybersecurity:\n\n1. **Data Collection:**\n   - **Sources:** Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDS), firewalls, antivirus software, and other security tools collect data from various network components and endpoints.\n   - **Logs and Events:** These systems gather logs, events, and network traffic data.\n\n2. **Analysis:**\n   - **Correlation:** The collected data is analyzed and correlated to identify patterns or signatures associated with known threats.\n   - **Behavioral Analysis:** Machine learning and AI algorithms are used to detect anomalies and unusual behaviors that deviate from the baseline.\n\n3. **Detection:**\n   - **Rule-based Detection:** Predefined rules and signatures trigger alerts when certain conditions are met (e.g., multiple failed login attempts).\n   - **Anomaly Detection:** Advanced systems use statistical models and machine learning to identify deviations from normal behavior, which can indicate new or unknown threats.\n\n4. **Alert Generation:**\n   - **Severity Levels:** Alerts are categorized based on severity (e.g., informational, warning, critical) to prioritize response.\n   - **Notification:** Alerts are sent to security teams via dashboards, emails, SMS, or integration with other incident response tools.\n\n5. **Response:**\n   - **Investigation:** Security analysts investigate the alerts to determine the validity and scope of the potential threat.\n   - **Mitigation:** If a threat is confirmed, appropriate actions are taken to mitigate the risk, such as isolating affected systems, applying patches, or blocking malicious IP addresses.\n   - **Reporting:** Incidents are documented, and reports are generated for compliance and further analysis.\n\n6. **Feedback and Improvement:**\n   - **Tuning:** Based on the investigation outcomes, rules and detection mechanisms are refined to reduce false positives and improve detection accuracy.\n   - **Learning:** Continuous learning from past incidents helps in enhancing the overall security posture and readiness against future threats.\n\nBy using alerts effectively, organizations can proactively manage and mitigate risks, ensuring a robust defense against cyber threats.\n\nCreating use case alerts based on the MITRE ATT\u0026CK framework involves defining and implementing specific alerts that map to tactics, techniques, and procedures (TTPs) identified in the MITRE ATT\u0026CK matrix. These use cases help in detecting potential threats by recognizing behaviors and activities associated with known adversarial tactics. Here's a step-by-step guide to creating MITRE-based use case alerts:\n\n## MITRE MAPPING\n\n\u003cdiv\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Reconnaissance-ff4d94?\u0026style=for-the-badge\u0026logo=Suricata\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Resource Development-b3ffb3?\u0026style=for-the-badge\u0026logo=Suricata\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Initial Access-cc0000?\u0026style=for-the-badge\u0026logo=Elastic\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Execution-3333ff?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Persistence \u0026 Event Management-adad85?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Privilege Escalation-0066cc?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Defense Evasion-ff0080?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Credential Access-ff0080?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Discovery-e69900?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Lateral Movement-40bf40?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e    \n    \u003cimg src=\"https://img.shields.io/badge/-Collection-ff4d94?\u0026style=for-the-badge\u0026logo=Suricata\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Command and Control-b3ffb3?\u0026style=for-the-badge\u0026logo=Suricata\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Exfiltration-cc0000?\u0026style=for-the-badge\u0026logo=Elastic\u0026logoColor=white\" /\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-Impact-3333ff?\u0026style=for-the-badge\u0026logo=ProAct\u0026logoColor=white\" /\u003e\n\u003c/div\u003e\n\n## Step 1: Understand the MITRE ATT\u0026CK Framework\nThe MITRE ATT\u0026CK framework is a comprehensive matrix of tactics and techniques used by adversaries. It is divided into:\n\nTactics: The \"why\" of an attack (e.g., Initial Access, Execution, Persistence).\nTechniques: The \"how\" of an attack (e.g., Phishing, PowerShell, Scheduled Task).\n\n## Step 2: Identify Relevant TTPs\nBased on your organization's threat model and environment, identify which TTPs are most relevant. For example, if your organization uses Windows, you might focus on techniques frequently used against Windows systems.\n\n## Step 3: Gather Logs and Data Sources\nEnsure that you have access to necessary logs and data sources such as:\n\nEndpoint detection and response (EDR) logs\nNetwork traffic logs\nAuthentication logs\nApplication logs\n\n## Step 4: Define Use Cases\nTranslate the identified TTPs into specific use cases. Each use case should describe the following:\n\nObjective: What you aim to detect.\nTactic and Technique: Corresponding MITRE ATT\u0026CK tactic and technique.\nData Sources: Logs and data required.\nDetection Logic: How to identify the suspicious activity.\n\n## Step 5: Implement Detection Logic\nCreate the actual detection rules using your SIEM or EDR tool. The detection logic can vary based on the platform, but generally involves:\n\nIndicators of Compromise (IoCs): Specific artifacts like file hashes or IP addresses.\nBehavioral Indicators: Patterns of behavior such as unusual login times, execution of certain scripts, etc.\n\n## Step 6: Test and Tune\nBefore deploying the use cases into production, test them thoroughly to ensure they work as expected and do not generate false positives. Fine-tune the logic as necessary.\n\n## Step 7: Deploy and Monitor\nDeploy the alerts in your production environment and continuously monitor their effectiveness. Update the use cases as new TTPs emerge or as your environment changes.\n\nExample Use Case: Detecting PowerShell Execution (T1059.001)\nObjective: Detect malicious PowerShell execution.\n\nTactic: Execution\n\nTechnique: PowerShell (T1059.001)\n\nData Sources:\n\nWindows Event Logs (Event ID 4104 for PowerShell Script Block Logging)\nEDR logs\n\n## Detection Logic:\n\nLook for suspicious PowerShell commands that are commonly used by attackers, such as those that:\nEncode scripts (powershell.exe -EncodedCommand)\nDownload content from the internet (e.g., Invoke-WebRequest, wget)\nAccess WMI objects\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/327f6c9c-8d05-4ebc-a8c5-312eb1c1af97)\n\n\nExample Use Case: Detecting Unusual RDP Activity (T1076)\nObjective: Detect unusual Remote Desktop Protocol (RDP) activity that might indicate lateral movement or unauthorized access.\n\nTactic: Lateral Movement\n\nTechnique: Remote Desktop Protocol (T1076)\n\nData Sources:\n\nWindows Security Event Logs (Event ID 4624 for logon events)\nNetwork traffic logs\nRDP session logs\nDetection Logic:\n\nIdentify RDP sessions initiated from unusual IP addresses.\nDetect multiple RDP login attempts from a single IP in a short time frame.\nAlert on RDP logins outside of normal business hours.\n\nExample SIEM Rule:\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/e24e69c5-bf95-4116-99db-c75ba68c02eb)\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/db4a1871-56ef-40e4-9dde-89efc4f78e83)\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/605ed5d3-9816-420f-bcf8-b7bea9a17bf5)\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/5c316462-11c0-42e9-af4b-a889f990a325)\n\n![image](https://github.com/rajeevranjancom/Mitre-Based-Usecases/assets/50344183/da3030fb-7ed4-4104-826c-32f644ab0736)\n\n# Index\n\n| Rule Name                                        | Associated Project      |  \n|-----------------------------------------------|----------------------------|\n| AADInternals PowerShell Cmdlet Execution | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/AADInternals%20PowerShell%20Cmdlet%20Execution\"\u003eAADInternals PowerShell Cmdlet Execution \u003c/a\u003e|\n| AD Object WriteDAC Access Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/AD%20Object%20WriteDAC%20Access%20Detected\"\u003eAD Object WriteDAC Access Detected \u003c/a\u003e|\n| AD Privileged Users or Groups Reconnaissance Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/AD%20Privileged%20Users%20or%20Groups%20Reconnaissance%20Detected\"\u003eAD Privileged Users or Groups Reconnaissance Detected\u003c/a\u003e|\n| Accessibility Features-Registry | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Accessibility%20Features-Registry\"\u003eAccessibility Features-Registry\u003c/a\u003e|\n| Accessibility features - Process | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Accessibility%20features%20-%20Process\"\u003eAccessibility features - Process \u003c/a\u003e|\n| Account Discovery Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Account%20Discovery%20Detected\"\u003eAccount Discovery Detected\u003c/a\u003e|\n| Active Directory DLLs Loaded By Office Applications | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Active%20Directory%20DLLs%20Loaded%20By%20Office%20Applications\"\u003eActive Directory DLLs Loaded By Office Applications\u003c/a\u003e|\n| Active Directory Replication User Backdoor | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Active%20Directory%20Replication%20User%20Backdoor\"\u003eActive Directory Replication User Backdoor\u003c/a\u003e|\n| Active Directory Schema Change Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Active%20Directory%20Schema%20Change%20Detected\"\u003eActive Directory Schema Change Detected\u003c/a\u003e|\n| Activity Related to NTDS Domain Hash Retrieval    | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Activity%20Related%20to%20NTDS%20Domain%20Hash%20Retrieval\"\u003eActivity Related to NTDS Domain Hash Retrieval\u003c/a\u003e|\n| Addition of SID History to Active Directory Object | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Addition%20of%20SID%20History%20to%20Active%20Directory%20Object\"\u003eAddition of SID History to Active Directory Object\u003c/a\u003e|\n| Adobe Flash Use-After-Free Vulnerability Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Adobe%20Flash%20Use-After-Free%20Vulnerability%20Detected\"\u003eAdobe Flash Use-After-Free Vulnerability Detected\u003c/a\u003e|\n|Adwind RAT JRAT Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Adwind%20RAT%20JRAT%20Detected\"\u003eAdwind RAT JRAT Detected \u003c/a\u003e|\n| Antivirus Exploitation Framework Detection        | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Antivirus%20Exploitation%20Framework%20Detection\"\u003eAntivirus Exploitation Framework Detection\u003c/a\u003e|\n| Antivirus Password Dumper Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Antivirus%20Password%20Dumper%20Detected\"\u003eAntivirus Password Dumper Detected\u003c/a\u003e|\n| Antivirus Web Shell Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Antivirus%20Web%20Shell%20Detected\"\u003eAntivirus Web Shell Detected\u003c/a\u003e|\n| Apache Struts 2 Remote Code Execution Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Apache%20Struts%202%20Remote%20Code%20Execution%20Detected\"\u003eApache Struts 2 Remote Code Execution Detected\u003c/a\u003e|\n| AppCert DLLs Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/AppCert%20DLLs%20Detected\"\u003eAppCert DLLs Detected\u003c/a\u003e|\n| Application Shimming - File Access Detected        | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Application%20Shimming%20-%20File%20Access%20Detected\"\u003eApplication Shimming - File Access Detected\u003c/a\u003e|\n| Application Whitelisting Bypass via Bginfo Detected    | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Application%20Whitelisting%20Bypass%20via%20Bginfo%20Detected\"\u003eApplication Whitelisting Bypass via Bginfo Detected\u003c/a\u003e|\n| Application Whitelisting Bypass via DLL Loaded by odbcconf Detected     | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Application%20Whitelisting%20Bypass%20via%20DLL%20Loaded%20by%20odbcconf%20Detected\"\u003eApplication Whitelisting Bypass via DLL Loaded by odbcconf Detected \u003c/a\u003e|\n| Application Whitelisting Bypass via Dnx Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Application%20Whitelisting%20Bypass%20via%20Dnx%20Detected\"\u003eApplication Whitelisting Bypass via Dnx Detected\u003c/a\u003e|\n| Application Whitelisting Bypass via Dxcap Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Application%20Whitelisting%20Bypass%20via%20Dxcap%20Detected\"\u003eApplication Whitelisting Bypass via Dxcap Detected\u003c/a\u003e|\n| Audio Capture Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Audio%20Capture%20Detected\"\u003eAudio Capture Detected \u003c/a\u003e|\n| Authentication Package Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Authentication%20Package%20Detected\"\u003eAuthentication Package Detected\u003c/a\u003e|\n| Autorun Keys Modification Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Autorun%20Keys%20Modification%20Detected\"\u003eAutorun Keys Modification Detected\u003c/a\u003e|\n| BITS Jobs - Network Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/BITS%20Jobs%20-%20Network%20Detected\"\u003eBITS Jobs - Network Detected\u003c/a\u003e|\n| BITS Jobs - Process Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/BITS%20Jobs%20-%20Process%20Detected\"\u003eBITS Jobs - Process Detected\u003c/a\u003e|\n| Batch Scripting Detected| \u003ca href=\"https://google.com\"\u003eBatch Scripting Detected\u003c/a\u003e|\n| SIEM Implementation and Log Analysis | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Batch%20Scripting%20Detected\"\u003eDetection Lab\u003c/a\u003e|\n| Bloodhound and Sharphound Hack Tool Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Bloodhound%20and%20Sharphound%20Hack%20Tool%20Detected\"\u003eBloodhound and Sharphound Hack Tool Detected\u003c/a\u003e|\n| BlueMashroom DLL Load Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/BlueMashroom%20DLL%20Load%20Detected\"\u003eBlueMashroom DLL Load Detected\u003c/a\u003e|\n| Browser Bookmark Discovery | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Browser%20Bookmark%20DiscoveryBrowser Bookmark Discovery\"\u003e Browser Bookmark Discovery\u003c/a\u003e|\n|Bypass UAC via CMSTP Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Bypass%20UAC%20via%20CMSTP%20Detected\"\u003eBypass UAC via CMSTP Detected\u003c/a\u003e|\n| Bypass User Account Control using Registry | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Bypass%20User%20Account%20Control%20using%20RegistryBypass User Account Control using Registry\"\u003eBypass User Account Control using Registry \u003c/a\u003e|\n| C-Sharp Code Compilation Using Ilasm Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/C-Sharp%20Code%20Compilation%20Using%20Ilasm%20Detected\u003eC-Sharp Code Compilation Using Ilasm Detected\"\u003eC-Sharp Code Compilation Using Ilasm Detected\u003c/a\u003e|\n| CACTUSTORCH Remote Thread Creation Detected    | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CACTUSTORCH%20Remote%20Thread%20Creation%20Detected\"\u003eCACTUSTORCH Remote Thread Creation Detected\u003c/a\u003e|\n| CEO Fraud - Possible Fraudulent Email Behavior     | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CEO%20Fraud%20-%20Possible%20Fraudulent%20Email%20Behavior\"\u003eCEO Fraud - Possible Fraudulent Email Behavior\u003c/a\u003e|\n| CMSTP Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CMSTP%20Detected\"\u003eCMSTP Detected \u003c/a\u003e|\n| CMSTP Execution Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CMSTP%20Execution%20Detected\"\u003eCMSTP Execution Detected\u003c/a\u003e|\n| CMSTP UAC Bypass via COM Object Access | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CMSTP%20UAC%20Bypass%20via%20COM%20Object%20Access\"\u003eCMSTP UAC Bypass via COM Object Access\u003c/a\u003e|\n| CVE-2019-0708 RDP RCE Vulnerability Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CVE-2019-0708%20RDP%20RCE%20Vulnerability%20Detected\"\u003eCVE-2019-0708 RDP RCE Vulnerability Detected\u003c/a\u003e|\n| Capture a Network Trace with netsh | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Capture%20a%20Network%20Trace%20with%20netsh\"\u003eCapture a Network Trace with netsh\u003c/a\u003e|\n| Certutil Encode Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Certutil%20Encode%20Detected\"\u003eCertutil Encode Detected\u003c/a\u003e|\n| Chafer Activity Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Chafer%20Activity%20Detected\"\u003eChafer Activity Detected\u003c/a\u003e|\n| Change of Default File Association Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Change%20of%20Default%20File%20Association%20Detected\"\u003eChange of Default File Association Detected\u003c/a\u003e|\n| Citrix ADC VPN Directory Traversal Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Citrix%20ADC%20VPN%20Directory%20Traversal%20Detected\"\u003eCitrix ADC VPN Directory Traversal Detected\u003c/a\u003e| \n| Clearing of PowerShell Logs Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Citrix%20ADC%20VPN%20Directory%20Traversal%20Detected\"\u003eClearing of PowerShell Logs Detected/a\u003e|\n| Clipboard Data Access Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Clipboard%20Data%20Access%20Detected\"\u003eClipboard Data Access Detected\u003c/a\u003e|\n| Clop Ransomware Emails Sent to Attacker | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Clop%20Ransomware%20Emails%20Sent%20to%20Attacker\"\u003eClop Ransomware Emails Sent to Attacker \u003c/a\u003e|\n| Incident Response Planning and Execution | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Clop%20Ransomware%20Emails%20Sent%20to%20Attacker\"\u003eIncident Response Planning and Execution \u003c/a\u003e|\n| Clop Ransomware Infected Host Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Clop%20Ransomware%20Infected%20Host%20Detected\"\u003eClop Ransomware Infected Host Detected\u003c/a\u003e|\n| Scripting and Automation for Threat Mitigation | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Clop%20Ransomware%20Infected%20Host%20Detected\"\u003eScripting and Automation for Threat Mitigation\u003c/a\u003e|\n| Cmdkey Cached Credentials Recon Detected   | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Cmdkey%20Cached%20Credentials%20Recon%20Detected\"\u003eCmdkey Cached Credentials Recon Detected\u003c/a\u003e|\n| CobaltStrike Process Injection Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CobaltStrike%20Process%20Injection%20Detected\"\u003eCobaltStrike Process Injection Detected\u003c/a\u003e|\n| Command Obfuscation in Command Prompt| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Command%20Obfuscation%20in%20Command%20Prompt\"\u003eCommand Obfuscation in Command Prompt\u003c/a\u003e|\n| Command Obfuscation via Character Insertion  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Command%20Obfuscation%20via%20Character%20Insertion\"\u003eCommand Obfuscation via Character Insertion\u003c/a\u003e|\n| Command Obfuscation via Environment Variable Concatenation Reassembly  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Command%20Obfuscation%20via%20Environment%20Variable%20Concatenation%20Reassembly\"\u003eCommand Obfuscation via Environment Variable Concatenation Reassembly\u003c/a\u003e|\n| Compiled HTML File Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Compiled%20HTML%20File%20Detected\"\u003eCompiled HTML File Detected\u003c/a\u003e|\n| Component Object Model Hijacking Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Component%20Object%20Model%20Hijacking%20Detected\"\u003eComponent Object Model Hijacking Detected\u003c/a\u003e|\n| Connection to Hidden Cobra Source  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Connection%20to%20Hidden%20Cobra%20Source\"\u003eConnection to Hidden Cobra Source\u003c/a\u003e|\n| Console History Discovery Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Console%20History%20Discovery%20Detected\"\u003eConsole History Discovery Detected\u003c/a\u003e|\n| Control Panel Items - Process Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Control%20Panel%20Items%20-%20Process%20Detected\"\u003eControl Panel Items - Process Detected\u003c/a\u003e|\n| Control Panel Items - Registry Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Control%20Panel%20Items%20-%20Registry%20Detected\"\u003eControl Panel Items - Registry Detected\u003c/a\u003e|\n| Control Panel Items Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Control%20Panel%20Items%20Detected\"\u003eControl Panel Items Detected\u003c/a\u003e|\n| Copy from Admin Share Detected  | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Copy%20from%20Admin%20Share%20Detected\"\u003eCopy from Admin Share Detected\u003c/a\u003e|\n| Copying Sensitive Files with Credential Data | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Copying%20Sensitive%20Files%20with%20Credential%20Data\"\u003eCopying Sensitive Files with Credential Data \u003c/a\u003e|\n| Copyright Violation Email | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Copyright%20Violation%20Email\"\u003eCopyright Violation Email\u003c/a\u003e|\n| CrackMapExecWin Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CrackMapExecWin%20Detected\"\u003eCrackMapExecWin Detected\u003c/a\u003e|\n| CreateMiniDump Hacktool Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CreateMiniDump%20Hacktool%20Detected\"\u003eCreateMiniDump Hacktool Detected\u003c/a\u003e|\n| CreateRemoteThread API and LoadLibrary | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/CreateRemoteThread%20API%20and%20LoadLibrary\"\u003eCreateRemoteThread API and LoadLibrary\u003c/a\u003e|\n| Credential Access via Input Prompt Detected    | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credential%20Access%20via%20Input%20Prompt%20Detected\"\u003eCredential Access via Input Prompt Detected \u003c/a\u003e|\n| Credential Dump Tools Dropped Files Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credential%20Dump%20Tools%20Dropped%20Files%20Detected\"\u003eCredential Dump Tools Dropped Files Detected \u003c/a\u003e|\n| Credential Dumping - Process Access | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credential%20Dumping%20-%20Process%20Access\"\u003eCredential Dumping - Process Access \u003c/a\u003e|\n| Credential Dumping - Process Creation   | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credential%20Dumping%20-%20Process%20Creation\"\u003eCredential Dumping - Process Creation \u003c/a\u003e|\n| Credential Dumping - Registry Save | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credential%20Dumping%20-%20Registry%20Save\"\u003eCredential Dumping - Registry Save \u003c/a\u003e|\n| Credential Dumping with ImageLoad Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credential%20Dumping%20with%20ImageLoad%20Detected\"\u003eCredential Dumping with ImageLoad Detected \u003c/a\u003e|\n| Credentials Access in Files Detected | \u003ca href=\"Credentials Access in Files Detected\"\u003eCredentials Access in Files Detected \u003c/a\u003e|\n| Credentials Capture via Rpcping Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credentials%20Capture%20via%20Rpcping%20Detected\"\u003eCredentials Capture via Rpcping Detected\u003c/a\u003e|\n| Credentials in Registry Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Credentials%20in%20Registry%20Detected\"\u003eCredentials in Registry Detected/a\u003e|\n| Curl Start Combination Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Curl%20Start%20Combination%20Detected\"\u003eCurl Start Combination Detected\u003c/a\u003e|\n| DCSync detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/DCSync%20detected\"\u003eDCSync detected\u003c/a\u003e|\\\n| DLL Side Loading Via Microsoft Defender | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/DLL%20Side%20Loading%20Via%20Microsoft%20Defender\"\u003eDLL Side Loading Via Microsoft Defender\u003c/a\u003e|\n| Data Compression Detected in Windows | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Data%20Compression%20Detected%20in%20Windows\"\u003eData Compression Detected in Windows\u003c/a\u003e|\n| DenyAllWAF SQL Injection Attack | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/DenyAllWAF%20SQL%20Injection%20Attack\"\u003eDenyAllWAF SQL Injection Attack\u003c/a\u003e|\n| Execution of Trojanized 3CX Application | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Execution%20of%20Trojanized%203CX%20Application\"\u003eExecution of Trojanized 3CX Application\u003c/a\u003e|\n| Javascript conversion to executable Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Javascript%20conversion%20to%20executable%20Detected\"\u003eJavascript conversion to executable Detected\u003c/a\u003e|\n| LSASS Process Access by Mimikatz | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/LSASS%20Process%20Access%20by%20Mimikatz\"\u003eLSASS Process Access by Mimikatz\u003c/a\u003e|\n| Malicious use of Scriptrunner Detected| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Malicious%20use%20of%20Scriptrunner%20Detected\"\u003eMalicious use of Scriptrunner Detected\u003c/a\u003e|\n| Microsoft SharePoint Remote Code Execution Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Microsoft%20SharePoint%20Remote%20Code%20Execution%20Detected\"\u003eMicrosoft SharePoint Remote Code Execution Detected\u003c/a\u003e|\n| Mitre - Initial Access - Valid Account - Unauthorized IP Access | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Mitre%20-%20Initial%20Access%20-%20Valid%20Account%20-%20Unauthorized%20IP%20Access\"\u003eMitre - Initial Access - Valid Account - Unauthorized IP Access\u003c/a\u003e|\n| Msbuild Spawned by Unusual Parent Process | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Msbuild%20Spawned%20by%20Unusual%20Parent%20Process\"\u003eMsbuild Spawned by Unusual Parent Process\u003c/a\u003e|\n| Process Dump via Resource Leak Diagnostic Tool| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Process%20Dump%20via%20Resource%20Leak%20Diagnostic%20Tool\"\u003eProcess Dump via Resource Leak Diagnostic Tool\u003c/a\u003e|\n| Proxy Execution via Desktop Setting Control Panel | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Proxy%20Execution%20via%20Desktop%20Setting%20Control%20Panel\"\u003eProxy Execution via Desktop Setting Control Panel\u003c/a\u003e|\n| Regsvr32 Anomalous Activity Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Regsvr32%20Anomalous%20Activity%20Detected\"\u003eRegsvr32 Anomalous Activity Detected\u003c/a\u003e|\n| Remote File Execution via MSIEXEC | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Remote%20File%20Execution%20via%20MSIEXEC\"\u003e Remote File Execution via MSIEXEC\u003c/a\u003e|\n| ScreenSaver Registry Key Set Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/ScreenSaver%20Registry%20Key%20Set%20Detected\"\u003e ScreenSaver Registry Key Set Detected\u003c/a\u003e|\n| Suspicious ConfigSecurityPolicy Execution Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20ConfigSecurityPolicy%20Execution%20Detected\"\u003eSuspicious ConfigSecurityPolicy Execution Detected\u003c/a\u003e|\n| Suspicious DLL execution via Register-Cimprovider | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20DLL%20execution%20via%20Register-Cimprovider\"\u003eSuspicious DLL execution via Register-Cimprovider\u003c/a\u003e|\n| Suspicious Driver Loaded | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20Driver%20Loaded\"\u003eSuspicious Driver Loaded\u003c/a\u003e|\n| Suspicious Execution of Gpscript Detected| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20Execution%20of%20Gpscript%20Detected\"\u003eSuspicious Execution of Gpscript Detected\u003c/a\u003e|\n| Suspicious File Execution via MSHTA | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20File%20Execution%20via%20MSHTA\"\u003eSuspicious File Execution via MSHTA\u003c/a\u003e|\n| SSuspicious Files Designated as System Files Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20Files%20Designated%20as%20System%20Files%20Detected\"\u003eSuspicious Files Designated as System Files Detected\u003c/a\u003e|\n| Suspicious Microsoft Equation Editor Child Process | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20Microsoft%20Equation%20Editor%20Child%20Process\"\u003eSuspicious Microsoft Equation Editor Child Process\u003c/a\u003e|\n| Suspicious Named Pipe Connection to Azure AD Connect Database | \u003ca href=\"Suspicious Named Pipe Connection to Azure AD Connect Database\"\u003eSuspicious Named Pipe Connection to Azure AD Connect Database\u003c/a\u003e|\n| Suspicious Scheduled Task Creation via Masqueraded XML File | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20Scheduled%20Task%20Creation%20via%20Masqueraded%20XML%20File\"\u003eSuspicious Scheduled Task Creation via Masqueraded XML File\u003c/a\u003e|\n| Suspicious WMIC XSL Script Execution | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20WMIC%20XSL%20Script%20Execution\"\u003eSuspicious WMIC XSL Script Execution\u003c/a\u003e|\n| Suspicious process related to Rundll32 Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Suspicious%20process%20related%20to%20Rundll32%20Detected\"\u003eSuspicious process related to Rundll32 Detected\u003c/a\u003e|\n| SUAC Bypass Attempt via Windows Directory Masquerading| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/UAC%20Bypass%20Attempt%20via%20Windows%20Directory%20Masquerading\"\u003eDUAC Bypass Attempt via Windows Directory Masquerading\u003c/a\u003e|\n| UAC Bypass via Sdclt Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/UAC%20Bypass%20via%20Sdclt%20Detected\"\u003eUAC Bypass via Sdclt Detected \u003c/a\u003e|\n| Unsigned Image Loaded Into LSASS Process | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Unsigned%20Image%20Loaded%20Into%20LSASS%20Process\"\u003eUnsigned Image Loaded Into LSASS Process\u003c/a\u003e|\n| Usage of Sysinternals Tools Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Usage%20of%20Sysinternals%20Tools%20Detected\"\u003eUsage of Sysinternals Tools Detected\u003c/a\u003e|\n| Usage of Sysinternals Tools Detected| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Usage%20of%20Sysinternals%20Tools%20Detected\"\u003eUsage of Sysinternals Tools Detected\u003c/a\u003e|\n| Windows Command Line Execution with Suspicious URL and AppData Strings| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Windows%20Command%20Line%20Execution%20with%20Suspicious%20URL%20and%20AppData%20Strings\"\u003eWindows Command Line Execution with Suspicious URL and AppData Strings\u003c/a\u003e|\n| Windows CryptoAPI Spoofing Vulnerability Detected | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Windows%20CryptoAPI%20Spoofing%20Vulnerability%20Detected\"\u003eWindows CryptoAPI Spoofing Vulnerability Detected\u003c/a\u003e|\n| Windows Error Process Masquerading| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Windows%20Error%20Process%20Masquerading\"\u003eWindows Error Process Masquerading\u003c/a\u003e|\n| Xwizard DLL Side Loading Detected| \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Xwizard%20DLL%20Side%20Loading%20Detected\"\u003eXwizard DLL Side Loading Detected\u003c/a\u003e|\n| ZIP File Creation or Extraction via Printer Migration CLI Tool | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/ZIP%20File%20Creation%20or%20Extraction%20via%20Printer%20Migration%20CLI%20Tool\"\u003eZIP File Creation or Extraction via Printer Migration CLI Tool\u003c/a\u003e|\n| Data Staging Process Detected in Windows | \u003ca href=\"https://github.com/rajeevranjancom/Mitre-Based-Usecases/blob/main/Data%20Staging%20Process%20Detected%20in%20Windows\"\u003eData Staging Process Detected in Windows|\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frajeevranjancom%2Fmitre-based-usecases","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frajeevranjancom%2Fmitre-based-usecases","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frajeevranjancom%2Fmitre-based-usecases/lists"}