Detect technique

D3-PA Process Analysis

Process Analysis

Definition

Defends against: 59

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Use Alternate Authentication Material (t1550) | 100% | live |
| Technique | Native API (t1106) | 100% | live |
| SubTechnique | Thread Execution Hijacking (t1055.003) | 100% | live |
| Technique | Scheduled Task/Job (t1053) | 100% | live |
| SubTechnique | Parent PID Spoofing (t1134.004) | 100% | live |
| SubTechnique | Rundll32 (t1218.011) | 100% | live |
| Technique | Modify Authentication Process (t1556) | 100% | live |
| Technique | System Information Discovery (t1082) | 100% | live |
| Technique | Query Registry (t1012) | 100% | live |
| Technique | Application Window Discovery (t1010) | 100% | live |
| SubTechnique | Process Hollowing (t1055.012) | 100% | live |
| SubTechnique | Scheduled Task (t1053.005) | 100% | live |
| SubTechnique | LSA Secrets (t1003.004) | 100% | live |
| SubTechnique | Local Data Staging (t1074.001) | 100% | live |
| SubTechnique | Control Panel (t1218.002) | 100% | live |
| Technique | System Service Discovery (t1007) | 100% | live |
| SubTechnique | Disable or Modify Tools (t1562.001) | 100% | live |
| Technique | Windows Management Instrumentation (t1047) | 100% | live |
| SubTechnique | Netsh Helper DLL (t1546.007) | 100% | live |
| SubTechnique | LSASS Memory (t1003.001) | 100% | live |
| SubTechnique | Credential API Hooking (t1056.004) | 100% | live |
| SubTechnique | Process Doppelgänging (t1055.013) | 100% | live |
| SubTechnique | Web Shell (t1505.003) | 100% | live |
| Technique | Multi-Factor Authentication Request Generation (t1621) | 100% | live |
| SubTechnique | AppInit DLLs (t1546.010) | 100% | live |
| SubTechnique | Time Based Evasion (t1497.003) | 100% | live |
| Technique | Exploit Public-Facing Application (t1190) | 100% | live |
| SubTechnique | VDSO Hijacking (t1055.014) | 100% | live |
| Technique | System Network Configuration Discovery (t1016) | 100% | live |
| Technique | Remote System Discovery (t1018) | 100% | live |

Showing top 30 of 59 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: File Analysis
Defence: Identifier Analysis
Defence: System Mapping
Defence: Operational Activity Mapping
Defence: Message Analysis
Defence: Platform Monitoring

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.