This page is experimental and may change significantly in future
releases.
Executable Binary
Object Properties
- name
- Executable Binary
- abbreviated IRI
- d3f:ExecutableBinary
- definition
- An executable binary contains machine code instructions for a physical CPU. D3FEND also considers byte code for a virtual machine to be binary code. This is in contrast to executable scripts written in a scripting language.
- see also
- http://dbpedia.org/resource/Executable
Neighbors
graph LR;
d3f:Process["Process"] --> | process-image-path | d3f:ExecutableBinary["Executable Binary"];
class d3f:Process ArtifactNode; class d3f:ExecutableBinary RootArtifactNode;
click d3f:Process href "/dao/artifact/d3f:Process"; click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";
d3f:ExecutableBinary["Executable Binary"] --> | contains | d3f:ImageCodeSegment["Image Code Segment"]; class d3f:ExecutableBinary RootArtifactNode; class d3f:ImageCodeSegment ArtifactNode;
click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary"; click d3f:ImageCodeSegment href "/dao/artifact/d3f:ImageCodeSegment";d3f:ExecutableBinary["Executable Binary"] --> | contains | d3f:ImageDataSegment["Image Data Segment"]; class d3f:ExecutableBinary RootArtifactNode; class d3f:ImageDataSegment ArtifactNode;
click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary"; click d3f:ImageDataSegment href "/dao/artifact/d3f:ImageDataSegment";d3f:ExecutableBinary["Executable Binary"] --> | may-interpret | d3f:ExecutableScript["Executable Script"]; class d3f:ExecutableBinary RootArtifactNode; class d3f:ExecutableScript ArtifactNode;
click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary"; click d3f:ExecutableScript href "/dao/artifact/d3f:ExecutableScript";
Inferred Relationships
Hierarchy
(filtered)
Related Countermeasure Techniques
graph LR;
DynamicAnalysis["Dynamic Analysis"] -->
| analyzes | ExecutableFile["Executable File"]; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";EmulatedFileAnalysis["Emulated File Analysis"] -->
| analyzes | ExecutableFile["Executable File"]; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableAllowlisting["Executable Allowlisting"] -->
| blocks | ExecutableFile["Executable File"]; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableDenylisting["Executable Denylisting"] -->
| blocks | ExecutableFile["Executable File"]; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";DecoyFile["Decoy File"] -->
| spoofs | File["File"]; class DecoyFile DefensiveTechniqueNode; class File ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; click File href "/dao/artifact/d3f:File";FileAnalysis["File Analysis"] -->
| analyzes | File["File"]; class FileAnalysis DefensiveTechniqueNode; class File ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; click File href "/dao/artifact/d3f:File";FileEncryption["File Encryption"] -->
| encrypts | File["File"]; class FileEncryption DefensiveTechniqueNode; class File ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; click File href "/dao/artifact/d3f:File";LocalFilePermissions["Local File Permissions"] -->
| restricts | File["File"]; class LocalFilePermissions DefensiveTechniqueNode; class File ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; click File href "/dao/artifact/d3f:File";
Related Offensive Techniques
graph LR;
T1027001["Binary Padding"] --> |modifies| ExecutableBinary["Executable Binary"]; class T1027001 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1027001 href "/offensive-technique/attack/T1027.001/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1036001["Invalid Code Signature"] --> |creates| ExecutableBinary["Executable Binary"]; class T1036001 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1036001 href "/offensive-technique/attack/T1036.001/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1055003["Thread Execution Hijacking"] --> |may-add| ExecutableBinary["Executable Binary"]; class T1055003 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1055003 href "/offensive-technique/attack/T1055.003/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546006["LC_LOAD_DYLIB Addition"] --> |modifies| ExecutableBinary["Executable Binary"]; class T1546006 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1546006 href "/offensive-technique/attack/T1546.006/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546008["Accessibility Features"] --> |may-modify| ExecutableBinary["Executable Binary"]; class T1546008 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1546008 href "/offensive-technique/attack/T1546.008/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546015["Component Object Model Hijacking"] --> |loads| ExecutableBinary["Executable Binary"]; class T1546015 OffensiveTechniqueNode;
class ExecutableBinary ArtifactNode; click T1546015 href "/offensive-technique/attack/T1546.015/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";