Artifact Details: Process

Object Properties

name: Process
identifier: d3f:Process
definition: A process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system (OS), a process may be made up of multiple threads of execution that execute instructions concurrently. A computer program is a passive collection of instructions, while a process is the actual execution of those instructions. Several processes may be associated with the same program; for example, opening up several instances of the same program often means more than one process is being executed.
defined by: http://dbpedia.org/page/Process_(computing)

Parent Classes

Inferred Relationships

Note: the inference is not fully transitive in this release. This page is experimental and will change significantly in future releases.

Sub Classes:

filtered

Related Countermeasure Techniques:

graph LR; Hardware-basedProcessIsolation["Hardware-based Process Isolation"] --> | isolates | Process["Process"]; class Hardware-basedProcessIsolation DefensiveTechniqueNode; class Process ArtifactNode; click Hardware-basedProcessIsolation href "technique/d3f:Hardware-basedProcessIsolation"; click Process href "dao/artifact/d3f:Process";MandatoryAccessControl["Mandatory Access Control"] --> | isolates | Process["Process"]; class MandatoryAccessControl DefensiveTechniqueNode; class Process ArtifactNode; click MandatoryAccessControl href "technique/d3f:MandatoryAccessControl"; click Process href "dao/artifact/d3f:Process";ProcessLineageAnalysis["Process Lineage Analysis"] --> | analyzes | Process["Process"]; class ProcessLineageAnalysis DefensiveTechniqueNode; class Process ArtifactNode; click ProcessLineageAnalysis href "technique/d3f:ProcessLineageAnalysis"; click Process href "dao/artifact/d3f:Process";ProcessSelf-ModificationDetection["Process Self-Modification Detection"] --> | analyzes | Process["Process"]; class ProcessSelf-ModificationDetection DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSelf-ModificationDetection href "technique/d3f:ProcessSelf-ModificationDetection"; click Process href "dao/artifact/d3f:Process";ProcessSpawnAnalysis["Process Spawn Analysis"] --> | analyzes | Process["Process"]; class ProcessSpawnAnalysis DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSpawnAnalysis href "technique/d3f:ProcessSpawnAnalysis"; click Process href "dao/artifact/d3f:Process";ProcessTermination["Process Termination"] --> | terminates | Process["Process"]; class ProcessTermination DefensiveTechniqueNode; class Process ArtifactNode; click ProcessTermination href "technique/d3f:ProcessTermination"; click Process href "dao/artifact/d3f:Process";ScriptExecutionAnalysis["Script Execution Analysis"] --> | analyzes | ScriptApplicationProcess["Script Application Process"]; class ScriptExecutionAnalysis DefensiveTechniqueNode; class ScriptApplicationProcess ArtifactNode; click ScriptExecutionAnalysis href "technique/d3f:ScriptExecutionAnalysis"; click ScriptApplicationProcess href "dao/artifact/d3f:ScriptApplicationProcess";SystemDaemonMonitoring["System Daemon Monitoring"] --> | monitors | OperatingSystemProcess["Operating System Process"]; class SystemDaemonMonitoring DefensiveTechniqueNode; class OperatingSystemProcess ArtifactNode; click SystemDaemonMonitoring href "technique/d3f:SystemDaemonMonitoring"; click OperatingSystemProcess href "dao/artifact/d3f:OperatingSystemProcess";

Related Offensive Techniques:

graph LR; T1546009["AppCert DLLs"] --> |creates| Process["Process"]; class T1546009 OffensiveTechniqueNode; class Process ArtifactNode; click T1546009 href "/offensive-technique/attack/T1546.009/"; click Process href "dao/artifact/d3f:Process";T1546010["AppInit DLLs"] --> |creates| Process["Process"]; class T1546010 OffensiveTechniqueNode; class Process ArtifactNode; click T1546010 href "/offensive-technique/attack/T1546.010/"; click Process href "dao/artifact/d3f:Process";T1055004["Asynchronous Procedure Call"] --> |may-create| Process["Process"]; class T1055004 OffensiveTechniqueNode; class Process ArtifactNode; click T1055004 href "/offensive-technique/attack/T1055.004/"; click Process href "dao/artifact/d3f:Process";T1053001["At (Linux) Execution"] --> |creates| Process["Process"]; class T1053001 OffensiveTechniqueNode; class Process ArtifactNode; click T1053001 href "/offensive-technique/attack/T1053.001/"; click Process href "dao/artifact/d3f:Process";T1053002["At (Windows) Execution"] --> |creates| Process["Process"]; class T1053002 OffensiveTechniqueNode; class Process ArtifactNode; click T1053002 href "/offensive-technique/attack/T1053.002/"; click Process href "dao/artifact/d3f:Process";T1548002["Bypass User Access Control"] --> |creates| Process["Process"]; class T1548002 OffensiveTechniqueNode; class Process ArtifactNode; click T1548002 href "/offensive-technique/attack/T1548.002/"; click Process href "dao/artifact/d3f:Process";T1053003["Cron Execution"] --> |creates| Process["Process"]; class T1053003 OffensiveTechniqueNode; class Process ArtifactNode; click T1053003 href "/offensive-technique/attack/T1053.003/"; click Process href "dao/artifact/d3f:Process";T1140["Deobfuscate/Decode Files or Information"] --> |creates| Process["Process"]; class T1140 OffensiveTechniqueNode; class Process ArtifactNode; click T1140 href "/offensive-technique/attack/T1140/"; click Process href "dao/artifact/d3f:Process";T1562001["Disable or Modify Tools"] --> |disables| OperatingSystemProcess["Operating System Process"]; class T1562001 OffensiveTechniqueNode; class OperatingSystemProcess ArtifactNode; click T1562001 href "/offensive-technique/attack/T1562.001/"; click OperatingSystemProcess href "dao/artifact/d3f:OperatingSystemProcess";T1003004["LSA Secrets"] --> |may-access| Process["Process"]; class T1003004 OffensiveTechniqueNode; class Process ArtifactNode; click T1003004 href "/offensive-technique/attack/T1003.004/"; click Process href "dao/artifact/d3f:Process";T1003001["LSASS Memory"] --> |accesses| Process["Process"]; class T1003001 OffensiveTechniqueNode; class Process ArtifactNode; click T1003001 href "/offensive-technique/attack/T1003.001/"; click Process href "dao/artifact/d3f:Process";T1053004["Launchd"] --> |creates| Process["Process"]; class T1053004 OffensiveTechniqueNode; class Process ArtifactNode; click T1053004 href "/offensive-technique/attack/T1053.004/"; click Process href "dao/artifact/d3f:Process";T1546007["Netsh Helper DLL"] --> |produces| Process["Process"]; class T1546007 OffensiveTechniqueNode; class Process ArtifactNode; click T1546007 href "/offensive-technique/attack/T1546.007/"; click Process href "dao/artifact/d3f:Process";T1055013["Process Doppelgänging"] --> |creates| Process["Process"]; class T1055013 OffensiveTechniqueNode; class Process ArtifactNode; click T1055013 href "/offensive-technique/attack/T1055.013/"; click Process href "dao/artifact/d3f:Process";T1505001["SQL Stored Procedures"] --> |creates| Process["Process"]; class T1505001 OffensiveTechniqueNode; class Process ArtifactNode; click T1505001 href "/offensive-technique/attack/T1505.001/"; click Process href "dao/artifact/d3f:Process";T1053["Scheduled Task/Job Execution"] --> |creates| Process["Process"]; class T1053 OffensiveTechniqueNode; class Process ArtifactNode; click T1053 href "/offensive-technique/attack/T1053/"; click Process href "dao/artifact/d3f:Process";T1053005["Schtasks Execution"] --> |creates| Process["Process"]; class T1053005 OffensiveTechniqueNode; class Process ArtifactNode; click T1053005 href "/offensive-technique/attack/T1053.005/"; click Process href "dao/artifact/d3f:Process";T1003002["Security Account Manager"] --> |may-access| Process["Process"]; class T1003002 OffensiveTechniqueNode; class Process ArtifactNode; click T1003002 href "/offensive-technique/attack/T1003.002/"; click Process href "dao/artifact/d3f:Process";T1505003["Web Shell"] --> |produces| Process["Process"]; class T1505003 OffensiveTechniqueNode; class Process ArtifactNode; click T1505003 href "/offensive-technique/attack/T1505.003/"; click Process href "dao/artifact/d3f:Process";