Attack path: Direct Network Flood
Kill-chain expansion via actor co-occurrence analysis · 16 techniques · 2 detectable · 14 detection gaps
Entry point: CVE-2021-42142 (T1498.001)
Reconnaissance
  T1597.002  Purchase Technical Data        × no rule  29.8x lift
  T1591.003  Identify Business Tempo        × no rule  29.8x lift
  T1597.001  Threat Intel Vendors           × no rule  29.8x lift
  T1593.002  Search Engines                 × no rule  22.3x lift
  T1597      Search Closed Sources          × no rule  22.3x lift
  T1591.001  Determine Physical Locations   × no rule  17.9x lift
  T1591.002  Business Relationships         × no rule  17.9x lift
  T1594      Search Victim-Owned Websites   × no rule  17.9x lift
Resource Dev (none listed)

Impact
  T1498.001  Direct Network Flood           × no rule  999.0x lift  (entry point)
  T1499.003  Application Exhaustion Flood   × no rule  29.8x lift
  T1498.002  Reflection Amplification       × no rule  29.8x lift
  T1499.001  OS Exhaustion Flood            ✓ sigma    29.8x lift
  T1499.002  Service Exhaustion Flood       × no rule  24.8x lift
  T1498      Network Denial of Service      ✓ sigma    21.6x lift
Legend: entry point (from CVE) · ✓ = detection rule available · × = detection gap, potential blind spot
Lift = how strongly this technique co-occurs with the entry point across shared threat actors (1x = expected, 5x = highly distinctive)
Hunt package: all 16 techniques in this chain, with Sigma rules, Atomic tests, and detection gaps in one view.