Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Impact/ T1565.001

T1565.001Stored Data Manipulation

T1565.001 — Stored Data Manipulation is a MITRE ATT&CK technique in the Impact tactic. Clankerusecase tracks 8 detection use cases covering it and 7 threat-intel articles citing it.

Impact
View on the matrix → Filter Detection Library MITRE official spec ↗
8Use cases
7Articles
0Sub-techniques
1Tactic
↑ Parent technique: T1565 · Data Manipulation

Use cases covering this technique (8)

Windows WBAdmin File Recovery From Backup ESCU actions · hunting P [LLM] Baileys messages.upsert event carrying a requestId field (exploit signature) Bespoke actions · alerting SPDD [LLM] nebula-mesh CVE-2026-47724 — cross-tenant firewall mutation via PUT /api/v1/networks/{id}/firewall Bespoke actions · hunting SΣPDD [LLM] Unauthenticated POST to AIT-BSC /<name>/start with path-traversal form fields (CVE-2026-47731) Bespoke exploit · alerting DSΣPDD [LLM] Security vendor domain blackhole written to /etc/hosts from non-admin process Bespoke exploit · alerting DSΣPDDCS [LLM] AI coding agent bulk-deleting JUnit test files after jqwik resolution Bespoke actions · alerting DSPDDCS [LLM] IIS worker (w3wp.exe) writing robots.txt / .php / .js into web root Bespoke actions · alerting DSΣPDDCS [LLM] fast16 Sabotage Framework Hash IOC Sweep (svcmgmt.exe / fast16.sys / svcmgmt.dll) Bespoke install · alerting DSΣP

Articles citing this technique (7)

crit [GHSA / CRITICAL] CVE-2026-48063: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted pr art-57
crit [GHSA / CRITICAL] CVE-2026-47724: nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation art-96
crit [GHSA / CRITICAL] CVE-2026-47731: NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over th art-116
crit Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign art-139
high Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection art-151
crit From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat art-265
crit fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet art-360