Esc
Visual Basic - T1059.005
(ATT&CK® Technique)
Definition
Adversaries may abuse Visual Basic (VB) for execution. VB is a programming language created by Microsoft with interoperability with many Windows technologies such as Component Object Model and the Native API through the Windows API. Although tagged as legacy with no planned future evolutions, VB is integrated and supported in the .NET Framework and cross-platform .NET Core.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR; T1059005["Visual Basic"] --> |executes| ExecutableScript["Executable Script"]; class T1059005 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript"; click T1059005 href "/offensive-technique/attack/T1059.005/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";DecoyFile["Decoy File"] --> | spoofs | ExecutableScript["Executable Script"]; DecoyFile["Decoy File"] -.-> | May Deceive | T1059005["Visual Basic"] ; class DecoyFile DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; DynamicAnalysis["Dynamic Analysis"] --> | analyzes | ExecutableScript["Executable Script"]; DynamicAnalysis["Dynamic Analysis"] -.-> | May Detect | T1059005["Visual Basic"] ; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | ExecutableScript["Executable Script"]; EmulatedFileAnalysis["Emulated File Analysis"] -.-> | May Detect | T1059005["Visual Basic"] ; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | ExecutableScript["Executable Script"]; FileIntegrityMonitoring["File Integrity Monitoring"] -.-> | May Detect | T1059005["Visual Basic"] ; class FileIntegrityMonitoring DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; FileEviction["File Eviction"] --> | deletes | ExecutableScript["Executable Script"]; FileEviction["File Eviction"] -.-> | May Evict | T1059005["Visual Basic"] ; class FileEviction DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileEviction href "/technique/d3f:FileEviction"; FileEncryption["File Encryption"] --> | encrypts | ExecutableScript["Executable Script"]; FileEncryption["File Encryption"] -.-> | May Harden | T1059005["Visual Basic"] ; class FileEncryption DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] --> | restricts | ExecutableScript["Executable Script"]; LocalFilePermissions["Local File Permissions"] -.-> | May Harden | T1059005["Visual Basic"] ; class LocalFilePermissions DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; ExecutableAllowlisting["Executable Allowlisting"] --> | blocks | ExecutableScript["Executable Script"]; ExecutableAllowlisting["Executable Allowlisting"] -.-> | May Isolate | T1059005["Visual Basic"] ; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; ExecutableDenylisting["Executable Denylisting"] --> | blocks | ExecutableScript["Executable Script"]; ExecutableDenylisting["Executable Denylisting"] -.-> | May Isolate | T1059005["Visual Basic"] ; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; RestoreFile["Restore File"] --> | restores | ExecutableScript["Executable Script"]; RestoreFile["Restore File"] -.-> | May Restore | T1059005["Visual Basic"] ; class RestoreFile DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; FileAnalysis["File Analysis"] --> | analyzes | ExecutableScript["Executable Script"]; FileAnalysis["File Analysis"] -.-> | May Detect | T1059005["Visual Basic"] ; class FileAnalysis DefensiveTechniqueNode; class ExecutableScript ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis";