Detect technique
D3-SCA System Call Analysis
Definition
Analyzing system calls to determine whether a process is exhibiting unauthorized behavior.
Defends against: 40
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Process Discovery (T1057) | 100% | live |
| SubTechnique | CMSTP (T1218.003) | 100% | live |
| Technique | Remote System Discovery (T1018) | 100% | live |
| Technique | System Information Discovery (T1082) | 100% | live |
| SubTechnique | Bypass User Account Control (T1548.002) | 100% | live |
| SubTechnique | Match Legitimate Name or Location (T1036.005) | 100% | live |
| SubTechnique | Parent PID Spoofing (T1134.004) | 100% | live |
| SubTechnique | Mavinject (T1218.013) | 100% | live |
| Technique | Native API (T1106) | 100% | live |
| SubTechnique | SQL Stored Procedures (T1505.001) | 100% | live |
| SubTechnique | Asynchronous Procedure Call (T1055.004) | 100% | live |
| SubTechnique | Time Based Evasion (T1497.003) | 100% | live |
| Technique | Scheduled Task/Job (T1053) | 100% | live |
| SubTechnique | Thread Execution Hijacking (T1055.003) | 100% | live |
| SubTechnique | Compiled HTML File (T1218.001) | 100% | live |
| Technique | Screen Capture (T1113) | 100% | live |
| SubTechnique | Dynamic-link Library Injection (T1055.001) | 100% | live |
| Technique | Windows Management Instrumentation (T1047) | 100% | live |
| SubTechnique | Elevated Execution with Prompt (T1548.004) | 100% | live |
| SubTechnique | AppCert DLLs (T1546.009) | 100% | live |
| SubTechnique | Credentials from Web Browsers (T1555.003) | 100% | live |
| SubTechnique | Ptrace System Calls (T1055.008) | 100% | live |
| SubTechnique | Process Doppelgänging (T1055.013) | 100% | live |
| Technique | System Network Connections Discovery (T1049) | 100% | live |
| Technique | System Network Configuration Discovery (T1016) | 100% | live |
| SubTechnique | Local Data Staging (T1074.001) | 100% | live |
| SubTechnique | Control Panel (T1218.002) | 100% | live |
| SubTechnique | Mshta (T1218.005) | 100% | live |
| Technique | System Owner/User Discovery (T1033) | 100% | live |
| Technique | Deobfuscate/Decode Files or Information (T1140) | 100% | live |
Showing top 30 of 40 by confidence.