Attack path: Service Exhaustion Flood
Kill-chain expansion via actor co-occurrence analysis · 16 techniques · 3 detectable · 13 detection gaps
Entry point: CVE-2017-1000182 · T1499.002
Reconnaissance
T1597.002 · Purchase Technical Data · × no rule · 39.7x lift
T1591.003 · Identify Business Tempo · × no rule · 39.7x lift
T1597.001 · Threat Intel Vendors · × no rule · 39.7x lift
T1593.002 · Search Engines · × no rule · 29.8x lift
T1597 · Search Closed Sources · × no rule · 29.8x lift
T1594 · Search Victim-Owned Websites · × no rule · 23.8x lift
T1591.001 · Determine Physical Locations · × no rule · 23.8x lift
T1591.002 · Business Relationships · × no rule · 23.8x lift
Resource Dev
Impact
T1499.002 · Service Exhaustion Flood · × no rule · 999.0x lift
T1499.001 · OS Exhaustion Flood · ✓ sigma · 39.7x lift
T1499.003 · Application Exhaustion Flood · × no rule · 39.7x lift
T1498.002 · Reflection Amplification · × no rule · 33.1x lift
T1498.001 · Direct Network Flood · × no rule · 24.8x lift
T1498 · Network Denial of Service · ✓ sigma · 18.0x lift
T1499.004 · Application or System Exploita… · ✓ sigma · 13.2x lift
Legend: Entry point (from CVE) · ✓ Detection rule available · × Detection gap - potential blind spot
Lift = how strongly this technique co-occurs with the entry point across shared threat actors (1x = expected, 5x = highly distinctive)
Hunt package
All 16 techniques in this chain - Sigma rules, Atomic tests, and detection gaps in one view.