{
  "type": "x-mitre-detection-strategy",
  "spec_version": "2.1",
  "id": "x-mitre-detection-strategy--b045b89e-3095-41c3-a04d-d40075f14cd8",
  "created": "2025-10-21T15:10:28.402Z",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "revoked": false,
  "external_references": [
    {
      "source_name": "mitre-attack",
      "url": "https://attack.mitre.org/detectionstrategies/DET0407",
      "external_id": "DET0407"
    }
  ],
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ],
  "modified": "2026-05-12T16:34:50.688Z",
  "name": "Detection of Local Account Abuse for Initial Access and Persistence",
  "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "x_mitre_deprecated": false,
  "x_mitre_version": "1.0",
  "x_mitre_attack_spec_version": "3.3.0",
  "x_mitre_domains": [
    "enterprise-attack"
  ],
  "x_mitre_analytic_refs": [
    "x-mitre-analytic--9c53e92a-3659-4137-881a-f4002af9c688",
    "x-mitre-analytic--269f36b6-77fa-4959-9e63-e30036c991d7",
    "x-mitre-analytic--d6288db6-ff55-4720-b0ee-7aca3e65cc72"
  ]
}