Detect technique
D3-DA: Dynamic Analysis
Dynamic Analysis
Definition
Executing or opening a file in a synthetic "sandbox" environment to determine if the file is a malicious program or if the file exploits another program such as a document reader.
Defends against (38)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Spearphishing Attachment T1566.001 | 100% | live |
| SubTechnique | Invalid Code Signature T1036.001 | 100% | live |
| SubTechnique | Outlook Forms T1137.003 | 100% | live |
| SubTechnique | Malicious File T1204.002 | 100% | live |
| SubTechnique | Accessibility Features T1546.008 | 100% | live |
| SubTechnique | Runtime Data Manipulation T1565.003 | 100% | live |
| SubTechnique | Web Shell T1505.003 | 100% | live |
| SubTechnique | Binary Padding T1027.001 | 100% | live |
| SubTechnique | Trap T1546.005 | 100% | live |
| SubTechnique | Component Object Model Hijacking T1546.015 | 100% | live |
| SubTechnique | LC_LOAD_DYLIB Addition T1546.006 | 100% | live |
| SubTechnique | Bypass User Account Control T1548.002 | 100% | live |
| SubTechnique | Path Interception by Unquoted Path T1574.009 | 100% | live |
| SubTechnique | Compile After Delivery T1027.004 | 100% | live |
| SubTechnique | Office Template Macros T1137.001 | 100% | live |
| SubTechnique | Impair Command History Logging T1562.003 | 100% | live |
| SubTechnique | RC Scripts T1037.004 | 100% | live |
| SubTechnique | PowerShell Profile T1546.013 | 100% | live |
| SubTechnique | Software Packing T1027.002 | 100% | live |
| SubTechnique | Rename System Utilities T1036.003 | 100% | live |
| Technique | Command and Scripting Interpreter T1059 | 100% | live |
| SubTechnique | Path Interception by PATH Environment Variable T1574.007 | 100% | live |
| SubTechnique | Registry Run Keys / Startup Folder T1547.001 | 100% | live |
| Technique | XSL Script Processing T1220 | 100% | live |
| SubTechnique | Login Hook T1037.002 | 100% | live |
| SubTechnique | Screensaver T1546.002 | 100% | live |
| SubTechnique | Logon Script (Windows) T1037.001 | 100% | live |
| Technique | Deobfuscate/Decode Files or Information T1140 | 100% | live |
| SubTechnique | Network Logon Script T1037.003 | 100% | live |
| SubTechnique | Mshta T1218.005 | 100% | live |
Showing top 30 of 38 by confidence.