Detect technique

D3-PSMD Process Self-Modification Detection

Process Self-Modification Detection

Definition

Detects processes that modify, change, or replace their own code at runtime.

Defends against: 14

Type | Target | Confidence | Tier
Technique | Scheduled Task/Job t1053 | 100% | live
Technique | Multi-Factor Authentication Request Generation t1621 | 100% | live
SubTechnique | Transport Agent t1505.002 | 100% | live
SubTechnique | Web Shell t1505.003 | 100% | live
SubTechnique | Security Account Manager t1003.002 | 100% | live
SubTechnique | Disable or Modify Tools t1562.001 | 100% | live
Technique | Modify Authentication Process t1556 | 100% | live
Technique | Use Alternate Authentication Material t1550 | 100% | live
SubTechnique | LSASS Memory t1003.001 | 100% | live
SubTechnique | Netsh Helper DLL t1546.007 | 100% | live
Technique | System Owner/User Discovery t1033 | 100% | live
SubTechnique | LSA Secrets t1003.004 | 100% | live
Technique | Exploitation for Credential Access t1212 | 100% | live
SubTechnique | Scheduled Task t1053.005 | 100% | live

Related by meaning: 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: System Daemon Monitoring
Defence: Process Spawn Analysis
Defence: Service Binary Verification
Defence: Process Code Segment Verification
Defence: File Integrity Monitoring
Defence: Protocol Metadata Anomaly Detection

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.