This page is experimental and may change significantly in future
releases.
Process
Object Properties
- name
- Process
- abbreviated IRI
- d3f:Process
- definition
- A process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system (OS), a process may be made up of multiple threads of execution that execute instructions concurrently. A computer program is a passive collection of instructions, while a process is the actual execution of those instructions. Several processes may be associated with the same program; for example, opening up several instances of the same program often means more than one process is being executed.
- defined by
- http://dbpedia.org/resource/Process_(computing)
Neighbors
graph LR;
d3f:ProcessTree["Process Tree"] --> | contains | d3f:Process["Process"];
class d3f:ProcessTree ArtifactNode; class d3f:Process RootArtifactNode;
click d3f:ProcessTree href "/dao/artifact/d3f:ProcessTree"; click d3f:Process href "/dao/artifact/d3f:Process";
d3f:Process["Process"] --> | contains | d3f:ProcessImage["Process Image"]; class d3f:Process RootArtifactNode; class d3f:ProcessImage ArtifactNode;
click d3f:Process href "/dao/artifact/d3f:Process"; click d3f:ProcessImage href "/dao/artifact/d3f:ProcessImage";d3f:Process["Process"] --> | process-user | d3f:UserAccount["User Account"]; class d3f:Process RootArtifactNode; class d3f:UserAccount ArtifactNode;
click d3f:Process href "/dao/artifact/d3f:Process"; click d3f:UserAccount href "/dao/artifact/d3f:UserAccount";d3f:Process["Process"] --> | process-image-path | d3f:ExecutableBinary["Executable Binary"]; class d3f:Process RootArtifactNode; class d3f:ExecutableBinary ArtifactNode;
click d3f:Process href "/dao/artifact/d3f:Process"; click d3f:ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";
Inferred Relationships
Hierarchy
(filtered)
Related Countermeasure Techniques
graph LR;
SystemDaemonMonitoring["System Daemon Monitoring"] -->
| monitors | OperatingSystemProcess["Operating System Process"]; class SystemDaemonMonitoring DefensiveTechniqueNode; class OperatingSystemProcess ArtifactNode; click SystemDaemonMonitoring href "/technique/d3f:SystemDaemonMonitoring"; click OperatingSystemProcess href "/dao/artifact/d3f:OperatingSystemProcess";ProcessSelf-ModificationDetection["Process Self-Modification Detection"] -->
| analyzes | Process["Process"]; class ProcessSelf-ModificationDetection DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSelf-ModificationDetection href "/technique/d3f:ProcessSelf-ModificationDetection"; click Process href "/dao/artifact/d3f:Process";ProcessSpawnAnalysis["Process Spawn Analysis"] -->
| analyzes | Process["Process"]; class ProcessSpawnAnalysis DefensiveTechniqueNode; class Process ArtifactNode; click ProcessSpawnAnalysis href "/technique/d3f:ProcessSpawnAnalysis"; click Process href "/dao/artifact/d3f:Process";ProcessLineageAnalysis["Process Lineage Analysis"] -->
| analyzes | Process["Process"]; class ProcessLineageAnalysis DefensiveTechniqueNode; class Process ArtifactNode; click ProcessLineageAnalysis href "/technique/d3f:ProcessLineageAnalysis"; click Process href "/dao/artifact/d3f:Process";Hardware-basedProcessIsolation["Hardware-based Process Isolation"] -->
| isolates | Process["Process"]; class Hardware-basedProcessIsolation DefensiveTechniqueNode; class Process ArtifactNode; click Hardware-basedProcessIsolation href "/technique/d3f:Hardware-basedProcessIsolation"; click Process href "/dao/artifact/d3f:Process";MandatoryAccessControl["Mandatory Access Control"] -->
| isolates | Process["Process"]; class MandatoryAccessControl DefensiveTechniqueNode; class Process ArtifactNode; click MandatoryAccessControl href "/technique/d3f:MandatoryAccessControl"; click Process href "/dao/artifact/d3f:Process";ProcessTermination["Process Termination"] -->
| terminates | Process["Process"]; class ProcessTermination DefensiveTechniqueNode; class Process ArtifactNode; click ProcessTermination href "/technique/d3f:ProcessTermination"; click Process href "/dao/artifact/d3f:Process";ScriptExecutionAnalysis["Script Execution Analysis"] -->
| analyzes | ScriptApplicationProcess["Script Application Process"]; class ScriptExecutionAnalysis DefensiveTechniqueNode; class ScriptApplicationProcess ArtifactNode; click ScriptExecutionAnalysis href "/technique/d3f:ScriptExecutionAnalysis"; click ScriptApplicationProcess href "/dao/artifact/d3f:ScriptApplicationProcess";
Related Offensive Techniques
graph LR;
T1562001["Disable or Modify Tools"] --> |disables| OperatingSystemProcess["Operating System Process"]; class T1562001 OffensiveTechniqueNode;
class OperatingSystemProcess ArtifactNode; click T1562001 href "/offensive-technique/attack/T1562.001/"; click OperatingSystemProcess href "/dao/artifact/d3f:OperatingSystemProcess";T1003001["LSASS Memory"] --> |accesses| Process["Process"]; class T1003001 OffensiveTechniqueNode;
class Process ArtifactNode; click T1003001 href "/offensive-technique/attack/T1003.001/"; click Process href "/dao/artifact/d3f:Process";T1003002["Security Account Manager"] --> |may-access| Process["Process"]; class T1003002 OffensiveTechniqueNode;
class Process ArtifactNode; click T1003002 href "/offensive-technique/attack/T1003.002/"; click Process href "/dao/artifact/d3f:Process";T1003004["LSA Secrets"] --> |may-access| Process["Process"]; class T1003004 OffensiveTechniqueNode;
class Process ArtifactNode; click T1003004 href "/offensive-technique/attack/T1003.004/"; click Process href "/dao/artifact/d3f:Process";T1505003["Web Shell"] --> |produces| Process["Process"]; class T1505003 OffensiveTechniqueNode;
class Process ArtifactNode; click T1505003 href "/offensive-technique/attack/T1505.003/"; click Process href "/dao/artifact/d3f:Process";T1546007["Netsh Helper DLL"] --> |produces| Process["Process"]; class T1546007 OffensiveTechniqueNode;
class Process ArtifactNode; click T1546007 href "/offensive-technique/attack/T1546.007/"; click Process href "/dao/artifact/d3f:Process";