T1565 — Data Manipulation

Technique: T1565
Tactics: Impact
MISP citations: 0
KEV CVEs mapped: 2
Community rules: 3
thrunt rules: 0
Upstream: https://attack.mitre.org/techniques/T1565

MITRE description

Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: Sygnia Elephant Beetle Jan 2022) By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making. The type of modification and the impact it will have depends on the target application and process as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.

KEV CVEs mapped to this technique

Per MITRE CTID's hand-curated KEV→ATT&CK mappings — these are the actively-exploited vulnerabilities behind this technique's KEV signal.

Detection coverage

SigmaHQ community rules

AWS EC2 Disable EBS Encryption (core)
Google Cloud Re-identifies Sensitive Information (core)
Powershell Add Name Resolution Policy Table Rule (core)

Signal counts reflect the current corpus snapshot: MISP citations are regex-extracted from CIRCL OSINT event text and galaxy tags; KEV mappings come from MITRE CTID; community coverage is the SigmaHQ rule inventory (core, emerging-threats, threat-hunting collections) at release r2026-04-01. Rule bodies are not mirrored — links go upstream.