This page is experimental and may change significantly in future
releases.
Executable Binary
Access Control Configuration
Access Control List
Access Token
Activity Dependency
Address Space
Administrative Network Traffic
Alias
Allocate Memory
Application
Application Configuration
Application Configuration Database
Application Configuration Database Record
Application Configuration File
Application Installer
Application Inventory Sensor
Application Layer Firewall
Application Layer Link
Application Process
Application Process Configuration
Application Rule
Application Shim
Archive File
Artifact Server
Asymmetric Key
Audio Input Device
Authenticate User
Authentication
Authentication Function
Authentication Log
Authentication Server
Authentication Service
Authorization
Authorization Log
Authorization Service
Barcode Scanner Input Device
Binary Large Object
Binary Segment
Blob
Block Device
Boot Loader
Boot Record
Boot Sector
Browser
Browser Extension
Build Tool
Business Communication Platform Client
CA Certificate File
Processor Cache Memory
Call Stack
Central Processing Unit
Certificate
Certificate File
Certificate Trust Store
Chatroom Client
Child Process
Client Application
Client Computer
Clipboard
Cloud Configuration
Cloud Instance Metadata
Cloud Service Authentication
Cloud Service Authorization
Cloud Service Sensor
Cloud Storage
Cloud User Account
Code Analyzer
Code Repository
Collaborative Software
Network Agent
Command
Command History Log
Command History Log File
Command Line Interface
Compiler
Compiler Configuration File
Computing Server
Configuration Database
Configuration Database Record
Configuration File
Configuration Management Database
Configuration Resource
Connect Socket
Console Output Function
Container Build Tool
Container Image
Container Orchestration Software
Container Process
Container Runtime
Copy Memory Function
Copy Token
Create File
Create Process
Create Socket
Create Thread
Credential
Credential Management System
Cryptographic Key
Custom Archive File
DNS Lookup
DNS Network Traffic
DNS Record
DNS Server
Data Artifact Server
Data Dependency
Data Link Link
Database
Database File
Database Query
Database Server
Decoy Artifact
Default User Account
Dependency
Deserialization Function
Desktop Computer
Developer Application
Dial Up Modem
Digital Artifact
Digital System
Directory
Directory Service
Display Adapter
Display Device Driver
Display Server
Document File
Domain Name
Domain Registration
Domain User Account
Dynamic Analysis Tool
Email
Email Attachment
Email Rule
Embedded Computer
Enclave
Encrypted Credential
Encrypted Password
Endpoint Sensor
Eval Function
Event Log
Exception Handler
Executable Binary
Executable File
Executable Script
External Content Inclusion Function
Fast Symbolic Link
File
File Hash
File Path Open Function
File Section
File Server
File Share Service
File System
File System Link
File System Metadata
File System Sensor
File Transfer Network Traffic
Finger Print Scanner Input Device
Firewall
Firmware
Firmware Sensor
First-stage Boot Loader
Flash Memory
Forward Proxy Server
Free Memory
Get Open Sockets
Get Open Windows
Get Running Processes
Get Screen Capture
Get System Config Value
Get System Network Config Value
Get System Time
Global User Account
Graphical User Interface
Graphics Card Firmware
Graphics Processing Unit
Group Policy
HTML File
Hard Disk Firmware
Hard Link
Hardware Device
Hardware Driver
Heap Segment
Host
Host-based Firewall
Host Configuration Sensor
Hostname
Human Input Device Firmware
IP Address
IPC Network Traffic
IP Phone
Identifier
Image Code Segment
Image Data Segment
Image Scanner Input Device
Image Segment
Impersonate User
Import Library Function
In-memory Password Store
Inbound Internet DNS Response Traffic
Inbound Internet Mail Traffic
Inbound Internet Network Traffic
Inbound Network Traffic
Init Script
Input Device
Input Function
Instant Messaging Client
Integration Test Execution Tool
Internet DNS Lookup
Internet File Transfer Traffic
Internet Network
Internet Network Traffic
Interprocess Communication
Intranet Administrative Network Traffic
Intranet DNS Lookup
Intranet File Transfer Traffic
Intranet IPC Network Traffic
Intranet Multicast Network Traffic
Intranet Network
Intranet Network Traffic
Intranet RPC Network Traffic
Intranet Web Network Traffic
Intrusion Detection System
Intrusion Prevention System
Java Archive
JavaScript Blob
Kerberos Ticket
Kerberos Ticket Granting Service Ticket
Kerberos Ticket Granting Ticket
Kernel
Kernel API Sensor
Kernel Module
Kernel Process Table
Keyboard Input Device
Kiosk Computer
Laptop Computer
Legacy System
Link
Local Area Network
Local Area Network Traffic
Local Authentication Service
Local Authorization Service
Local Resource
Local Resource Access
Local User Account
Log
Log File
Log Message Function
Logical Link
Login Session
Logon User
MacOS Keychain
Mail Network Traffic
Mail Server
Mail Service
Mathematical Function
Media Server
Memory Address
Memory Address Space
Memory Allocation Function
Memory Block
Memory Extent
Memory Free Function
Memory Management Unit
Memory Management Unit Component
Memory Pool
Memory Protection Unit
Memory Word
Message Transfer Agent
Metadata
Microcode
Mobile Phone
Modem
Mouse Input Device
Move File
Multimedia Document File
NTFS Hard Link
NTFS Junction Point
NTFS Link
NTFS Symbolic Link
Network
Network Card Firmware
Network Directory Resource
Network File Resource
Network File Share Resource
Network Flow
Network Flow Sensor
Network Init Script File Resource
Network Link
Network Node
Network Packet
Network Printer
Network Protocol Analyzer
Network Resource
Network Resource Access
Network Sensor
Network Service
Network Session
Network Traffic
Network Traffic Analysis Software
Object File
Office Application
Office Application File
Open File
Operating System
Operating System Configuration
Operating System Configuration Component
Operating System Configuration File
Operating System Executable File
Operating System File
Operating System Log File
Operating System Packaging Tool
Operating System Process
Operating System Shared Library File
Operations Center Computer
Optical Modem
Orchestration Controller
Orchestration Server
Orchestration Worker
Outbound Internet DNS Lookup Traffic
Outbound Internet Encrypted Remote Terminal Traffic
Outbound Internet Encrypted Traffic
Outbound Internet Encrypted Web Traffic
Outbound Internet File Transfer Traffic
Outbound Internet Mail Traffic
Outbound Internet Network Traffic
Outbound Internet RPC Traffic
Outbound Internet Web Traffic
Outbound Network Traffic
Output Device
POSIX Symbolic Link
Packet Log
Page
Page Frame
Page Table
Parent Process
Partition
Partition Table
Password
Password Database
Password File
Password Manager
Password Store
Peripheral Firmware
Peripheral Hub Firmware
Personal Computer
Physical Address
Physical Link
Physical Location
Pipe
Platform
Pointer
Pointer Dereferencing Function
PowerShell Profile Script
Primary Storage
Print Server
Private Key
Privileged User Account
Process
Process Code Segment
Process Data Segment
Process Environment Variable
Process Image
Process Segment
Process Start Function
Process Tree
Processor
Processor Component
Processor Register
Property List File
Proxy Server
Public Key
Python Package
Python Script File
RAM
RDP Session
RF Node
RF Receiver
RF Transceiver
RF Transmitter
ROM
RPC Network Traffic
Radio Modem
Raw Memory Access Function
Read File
Record
Remote Authentication Service
Remote Authorization Service
Remote Command
Remote Database Query
Remote Procedure Call
Remote Resource
Remote Session
Remote Terminal Session
Removable Media Device
Resource
Resource Access
Resource Fork
Reverse Proxy Server
Router
SSH Session
Saved Instruction Pointer
Script Application Process
Second-stage Boot Loader
Secondary Storage
Security Token
Sensor
Serialization Function
Server
Service Application
Service Application Process
Service Dependency
Session
Session Cookie
Set System Config Value
Shadow Stack
Shared Computer
Shared Library File
Shared Resource Access Function
Shim
Shim Database
Shortcut File
Slow Symbolic Link
Software
Software Artifact Server
Software Deployment Tool
Software Library
Software Library File
Software Package
Software Packaging Tool
Software Patch
Source Code Analyzer Tool
Stack Component
Stack Frame
Stack Frame Canary
Stack Segment
Startup Directory
Static Analysis Tool
Storage
Stored Procedure
String Format Function
Subroutine
Suspend Process
Switch
Symbolic Link
Symmetric Key
System Call
System Config System Call
System Configuration Database
System Configuration Database Record
System Configuration Init Database Record
System Configuration Init Resource
System Dependency
System Firewall Configuration
System Firmware
System Init Configuration
System Init Process
System Init Script
System Password Database
System Service Software
System Software
System Startup Directory
System Time Application
System Utilization Record
Tablet Computer
Task Schedule
Task Scheduler Process
Task Scheduler Software
Terminate Process
Tertiary Storage
Test Execution Tool
Thin Client Computer
Thread
Thread Start Function
Ticket Granting Ticket
Trace Process
Translation Lookaside Buffer
Transport Link
Trust Store
URL
Unit Test Execution Tool
Unix Hard Link
Unix Link
User
User Account
User Action
User Application
User Behavior
User Init Configuration File
User Init Script
User Input Function
User Interface
User Logon Init Resource
User Process
User Startup Directory
User Startup Script File
User to User Message
Utility Software
VPN Server
Version Control Tool
Video Input Device
Virtual Address
Virtual Memory Space
Virtualization Software
Volume
Volume Boot Record
Web Application Firewall
Web Application Server
Web Authentication
Web File Resource
Web Network Traffic
Web Resource Access
Web Script File
Web Server
Web Server Application
Wide Area Network
Windows Registry
Windows Registry Key
Windows Shortcut File
Wireless Access Point
Wireless Router
Write File
Zero Client Computer
Object Properties
- name
- Executable Binary
- definition
- An executable binary contains machine code instructions for a physical CPU. D3FEND also considers byte code for a virtual machine to be binary code. This is in contrast to executable scripts written in a scripting language.
- see also
- http://dbpedia.org/resource/Executable
Neighbors
graph LR;
d3f:Process["Process"] --> | process-image-path | d3f:ExecutableBinary["Executable Binary"];
class d3f:Process inbound_node;
style d3f:Process fill:#fff4dd;
class d3f:ExecutableBinary RootArtifactNode;
style d3f:ExecutableBinary fill:#fff4dd;
click d3f:Process href "/dao/artifact/d3f:Process";
click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";d3f:SoftwareLibraryFile["Software Library File"] --> | may-contain | d3f:ExecutableBinary["Executable Binary"];
class d3f:SoftwareLibraryFile inbound_node;
style d3f:SoftwareLibraryFile fill:#fff4dd;
class d3f:ExecutableBinary RootArtifactNode;
style d3f:ExecutableBinary fill:#fff4dd;
click d3f:SoftwareLibraryFile href "/dao/artifact/d3f:SoftwareLibraryFile";
click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";
d3f:ExecutableBinary["Executable Binary"] --> | contains | d3f:ImageCodeSegment["Image Code Segment"];
class d3f:ExecutableBinary RootArtifactNode; class d3f:ImageCodeSegment ArtifactNode;
click d3f:ExecutableBinary href "/dao/artifact/undefined";
click d3f:ImageCodeSegment href "/dao/artifact/d3f:ImageCodeSegment";d3f:ExecutableBinary["Executable Binary"] --> | contains | d3f:ImageDataSegment["Image Data Segment"];
class d3f:ExecutableBinary RootArtifactNode; class d3f:ImageDataSegment ArtifactNode;
click d3f:ExecutableBinary href "/dao/artifact/undefined";
click d3f:ImageDataSegment href "/dao/artifact/d3f:ImageDataSegment";d3f:ExecutableBinary["Executable Binary"] --> | may-interpret | d3f:ExecutableScript["Executable Script"];
class d3f:ExecutableBinary RootArtifactNode; class d3f:ExecutableScript ArtifactNode;
click d3f:ExecutableBinary href "/dao/artifact/undefined";
click d3f:ExecutableScript href "/dao/artifact/d3f:ExecutableScript";
Inferred Relationships
Hierarchy
(filtered)
Related Countermeasure Techniques
graph LR;
DynamicAnalysis["Dynamic Analysis"] -->
| analyzes | ExecutableFile["Executable File"]; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";EmulatedFileAnalysis["Emulated File Analysis"] -->
| analyzes | ExecutableFile["Executable File"]; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableAllowlisting["Executable Allowlisting"] -->
| blocks | ExecutableFile["Executable File"]; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableDenylisting["Executable Denylisting"] -->
| blocks | ExecutableFile["Executable File"]; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";DecoyFile["Decoy File"] -->
| spoofs | File["File"]; class DecoyFile DefensiveTechniqueNode; class File ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; click File href "/dao/artifact/d3f:File";FileAnalysis["File Analysis"] -->
| analyzes | File["File"]; class FileAnalysis DefensiveTechniqueNode; class File ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; click File href "/dao/artifact/d3f:File";FileRemoval["File Removal"] -->
| deletes | File["File"]; class FileRemoval DefensiveTechniqueNode; class File ArtifactNode; click FileRemoval href "/technique/d3f:FileRemoval"; click File href "/dao/artifact/d3f:File";FileEncryption["File Encryption"] -->
| encrypts | File["File"]; class FileEncryption DefensiveTechniqueNode; class File ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; click File href "/dao/artifact/d3f:File";LocalFilePermissions["Local File Permissions"] -->
| restricts | File["File"]; class LocalFilePermissions DefensiveTechniqueNode; class File ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; click File href "/dao/artifact/d3f:File";
Related Weaknesses
ExecutableBinary has no related weaknesses in this release.
Related Offensive Techniques
graph LR;
T1027001["Binary Padding"] --> |modifies| ExecutableBinary["Executable Binary"]; class T1027001 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1027001 href "/offensive-technique/attack/T1027.001/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1036001["Invalid Code Signature"] --> |creates| ExecutableBinary["Executable Binary"]; class T1036001 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1036001 href "/offensive-technique/attack/T1036.001/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1055003["Thread Execution Hijacking"] --> |may-add| ExecutableBinary["Executable Binary"]; class T1055003 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1055003 href "/offensive-technique/attack/T1055.003/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546006["LC_LOAD_DYLIB Addition"] --> |modifies| ExecutableBinary["Executable Binary"]; class T1546006 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1546006 href "/offensive-technique/attack/T1546.006/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546008["Accessibility Features"] --> |may-modify| ExecutableBinary["Executable Binary"]; class T1546008 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1546008 href "/offensive-technique/attack/T1546.008/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546015["Component Object Model Hijacking"] --> |loads| ExecutableBinary["Executable Binary"]; class T1546015 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1546015 href "/offensive-technique/attack/T1546.015/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";