Executable Binary

Access Control Configuration

Access Control List

Access Token

Administrative Network Traffic

Alias

Application

Application Configuration

Application Configuration Database

Application Configuration Database Record

Application Configuration File

Application Layer Firewall

Application Process

Application Process Configuration

Application Rule

Application Shim

Archive File

Artifact Server

Asymmetric Key

Audio Input Device

Authenticate User

Authentication

Authentication Log

Authentication Server

Authentication Service

Authorization

Authorization Log

Authorization Service

Barcode Scanner Input Device

Binary Large Object

Binary Segment

Blob

Block Device

Boot Loader

Boot Record

Boot Sector

Browser

Browser Extension

Build Tool

Business Communication Platform Client

CA Certificate File

Call Stack

Certificate

Certificate File

Certificate Trust Store

Chatroom Client

Child Process

Client Application

Client Computer

Clipboard

Cloud Configuration

Cloud Instance Metadata

Cloud Service Authentication

Cloud Service Authorization

Cloud Storage

Cloud User Account

Code Analyzer

Code Repository

Collaborative Software

Command

Command History Log

Command History Log File

Command Line Interface

Compiler

Compiler Configuration File

Computing Server

Configuration Bearing Entity

Configuration File

Connect Socket

Container Build Tool

Container Image

Container Orchestration Software

Container Process

Container Runtime

Copy Token

Create File

Create Process

Create Socket

Create Thread

Credential

Credential Management System

Cryptographic Key

Custom Archive File

DNS Lookup

DNS Network Traffic

DNS Record

DNS Server

Data Artifact Server

Database

Database Query

Database Server

Decoy Artifact

Default User Account

Desktop Computer

Developer Application

Dial Up Modem

Digital Artifact

Digital System

Directory

Directory Service

Display Adapter

Display Device Driver

Display Server

Document File

Domain Name

Domain Registration

Domain User Account

Dynamic Analysis Tool

Email Attachment

Email Rule

Embedded Computer

Enclave

Encrypted Credential

Encrypted Password

Event Log

Exception Handler

Executable Binary

Executable File

Executable Script

Fast Symbolic Link

File

File Section

File Server

File Share Service

File System

File System Link

File System Metadata

File Transfer Network Traffic

Finger Print Scanner Input Device

Firewall

Firmware

First-stage Boot Loader

Forward Proxy Server

Get System Time

Global User Account

Graphical User Interface

Graphics Card Firmware

Group Policy

HTML File

Hard Disk Firmware

Hard Link

Hardware Device

Hardware Driver

Heap Segment

Host

Host-based Firewall

Hostname

Human Input Device Firmware

IP Address

IPC Network Traffic

IP Phone

Identifier

Image Code Segment

Image Data Segment

Image Scanner Input Device

Image Segment

Impersonate User

In-memory Password Store

Inbound Internet DNS Response Traffic

Inbound Internet Mail Traffic

Inbound Internet Network Traffic

Inbound Network Traffic

Init Script

Input Device

Instant Messaging Client

Integration Test Execution Tool

Internet DNS Lookup

Internet File Transfer Traffic

Internet Network

Internet Network Traffic

Interprocess Communication

Intranet Administrative Network Traffic

Intranet DNS Lookup

Intranet File Transfer Traffic

Intranet IPC Network Traffic

Intranet Multicast Network Traffic

Intranet Network

Intranet Network Traffic

Intranet RPC Network Traffic

Intranet Web Network Traffic

Intrusion Detection System

Intrusion Prevention System

JavaScript Blob

Kerberos TIcket

Kerberos Ticket Granting Service Ticket

Kerberos Ticket Granting Ticket

Kernel

Kernel Module

Kernel Process Table

Keyboard Input Device

Kiosk Computer

Laptop Computer

Legacy System

Local Area Network

Local Area Network Traffic

Local Authentication Service

Local Authorization Service

Local Resource

Local Resource Access

Local User Account

Log

Log File

Logon User

MacOS Keychain

Mail Network Traffic

Mail Server

Mail Service

Media Server

Message Transfer Agent

Metadata

Microcode

Mobile Phone

Modem

Mouse Input Device

Move File

NTFS Hard Link

NTFS Junction Point

NTFS Link

NTFS Symbolic Link

Network

Network Card Firmware

Network Directory Resource

Network File Resource

Network File Share Resource

Network Flow

Network Init Script File Resource

Network Node

Network Packet

Network Printer

Network Resource

Network Resource Access

Network Service

Network Session

Network Traffic

Object File

Office Application

Office Application File

Open File

Operating System

Operating System Configuration

Operating System Configuration Component

Operating System Configuration File

Operating System Executable File

Operating System File

Operating System Log File

Operating System Packaging Tool

Operating System Process

Operating System Shared Library File

Operations Center Computer

Optical Modem

Orchestration Controller

Orchestration Server

Orchestration Worker

Outbound Internet DNS Lookup Traffic

Outbound Internet Encrypted Remote Terminal Traffic

Outbound Internet Encrypted Traffic

Outbound Internet Encrypted Web Traffic

Outbound Internet File Transfer Traffic

Outbound Internet Mail Traffic

Outbound Internet Network Traffic

Outbound Internet RPC Traffic

Outbound Internet Web Traffic

Outbound Network Traffic

Output Device

POSIX Symbolic Link

Packet Log

Parent Process

Partition

Partition Table

Password

Password Database

Password File

Password Manager

Password Store

Peripheral Firmware

Peripheral Hub Firmware

Personal Computer

Physical Location

Pipe

Platform

Pointer

PowerShell Profile Script

Print Server

Private Key

Privileged User Account

Process

Process Code Segment

Process Data Segment

Process Environment Variable

Process Image

Process Segment

Process Tree

Property List File

Proxy Server

Public Key

RDP Session

RPC Network Traffic

Radio Modem

Read File

Record

Remote Authentication Service

Remote Authorization Service

Remote Command

Remote Database Query

Remote Procedure Call

Remote Resource

Remote Session

Remote Terminal Session

Removable Media Device

Resource

Resource Access

Resource Fork

Reverse Proxy Server

Router

SSH Session

Saved Instruction Pointer

Script Application Process

Second-stage Boot Loader

Security Token

Server

Service Application

Session

Session Cookie

Shared Computer

Shared Library File

Shim

Shim Database

Shortcut File

Slow Symbolic Link

Software

Software Artifact Server

Software Deployment Tool

Software Packaging Tool

Software Patch

Source Code Analyzer Tool

Stack Component

Stack Frame

Stack Frame Canary

Stack Segment

Startup Directory

Static Analysis Tool

Storage

Stored Procedure

Subroutine

Switch

Symbolic Link

Symmetric Key

System Call

System Configuration Database

System Configuration Database Record

System Configuration Init Database Record

System Configuration Init Resource

System Firewall Configuration

System Firmware

System Init Configuration

System Init Process

System Init Script

System Password Database

System Service Software

System Software

System Startup Directory

System Time Application

System Utilization Record

Tablet Computer

Task Schedule

Task Scheduler Process

Task Scheduler Software

Terminate Process

Test Execution Tool

Thin Client Computer

Ticket Granting Ticket

Trace Process

Trust Store

URL

Unit Test Execution Tool

Unix Hard Link

Unix Link

User

User Account

User Action

User Application

User Behavior

User Init Configuration File

User Init Script

User Interface

User Logon Init Resource

User Process

User Startup Directory

User Startup Script File

User to User Message

Utility Software

VPN Server

Version Control Tool

Video Input Device

Virtualization Software

Volume

Volume Boot Record

Web Application Firewall

Web Application Server

Web Authentication

Web File Resource

Web Network Traffic

Web Resource Access

Web Script File

Web Server

Web Server Application

Wide Area Network

Windows Registry

Windows Registry Key

Windows Shortcut File

Wireless Access Point

Wireless Router

Write File

Zero Client Computer

Object Properties

name: Executable Binary
abbreviated IRI: d3f:ExecutableBinary
definition: An executable binary contains machine code instructions for a physical CPU. D3FEND also considers byte code for a virtual machine to be binary code. This is in contrast to executable scripts written in a scripting language.
see also: http://dbpedia.org/resource/Executable

Neighbors

Inferred Relationships

This page is experimental and may change significantly in future releases.

Hierarchy

(filtered)

Related Countermeasure Techniques

graph LR; DynamicAnalysis["Dynamic Analysis"] --> | analyzes | ExecutableFile["Executable File"]; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | ExecutableFile["Executable File"]; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableAllowlisting["Executable Allowlisting"] --> | blocks | ExecutableFile["Executable File"]; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableDenylisting["Executable Denylisting"] --> | blocks | ExecutableFile["Executable File"]; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";DecoyFile["Decoy File"] --> | spoofs | File["File"]; class DecoyFile DefensiveTechniqueNode; class File ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; click File href "/dao/artifact/d3f:File";FileAnalysis["File Analysis"] --> | analyzes | File["File"]; class FileAnalysis DefensiveTechniqueNode; class File ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; click File href "/dao/artifact/d3f:File";FileEncryption["File Encryption"] --> | encrypts | File["File"]; class FileEncryption DefensiveTechniqueNode; class File ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; click File href "/dao/artifact/d3f:File";LocalFilePermissions["Local File Permissions"] --> | restricts | File["File"]; class LocalFilePermissions DefensiveTechniqueNode; class File ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; click File href "/dao/artifact/d3f:File";

Executable Binary

Object Properties

Neighbors

Inferred Relationships

Hierarchy

Related Countermeasure Techniques

Related Offensive Techniques