This page is experimental and may change significantly in future releases.
File
Access Control Configuration
Access Control Group
Access Control List
Access Mediator
Access Process
Access Token
Activity Dependency
Actuator
Address Space
Administrative Network Traffic
Alias
Allocate Memory
Anonymous Pipe
Application
Application Configuration
Application Configuration Database
Application Configuration Database Record
Application Configuration File
Application Installer
Application Inventory Sensor
Application Layer Firewall
Application Layer Link
Application Process
Application Process Configuration
Application Rule
Application Shim
Archive File
Artifact Server
Asset Inventory Agent
Asymmetric Key
Audio Input Device
Authenticate User
Authentication Function
Authentication Log
Authentication Server
Authentication Service
Authorization Log
Authorization Service
Barcode Scanner Input Device
Binary Large Object
Binary Segment
Block Device
Boot Loader
Boot Record
Boot Sector
Browser
Browser Extension
Build Tool
Business Communication Platform Client
CA Certificate File
Processor Cache Memory
Call Stack
Central Processing Unit
Certificate
Certificate File
Certificate Trust Store
Chatroom Client
Child Process
Client Application
Client Computer
Clipboard
Cloud Configuration
Cloud Instance Metadata
Cloud Service Sensor
Cloud Storage
Cloud User Account
Code Analyzer
Code Repository
Collaborative Software
Network Agent
Command
Command History Log
Command History Log File
Command Line Interface
Compiler
Compiler Configuration File
Computer Network Node
Computer Platform
Computing Image
Computing Server
Computing Snapshot
Configuration Database
Configuration Database Record
Configuration File
Configuration Management Database
Configuration Resource
Connect Socket
Console Output Function
Container Build Tool
Container Image
Container Orchestration Software
Container Process
Container Runtime
Copy Memory Function
Copy Token
Create File
Create Process
Create Socket
Create Thread
Credential
Credential Management System
Cryptographic Key
Custom Archive File
Cyber Sensor
DHCP Network Traffic
DHCP Server
DNS Lookup
DNS Network Traffic
DNS Record
DNS Server
Data Artifact Server
Data Dependency
Data Link Link
Database
Database File
Database Query
Database Server
Decoy Artifact
Default User Account
Delete File
Dependency
Deserialization Function
Desktop Computer
Developer Application
Dial Up Modem
Differential Volume Snapshot
Digital Artifact
Digital Event Record
Digital Fingerprint
Digital Identity
Digital Information
Digital Information Bearer
Digital System
Directory
Directory Service
Disk Image
Display Adapter
Display Device Driver
Display Server
Document File
Domain Name
Domain Registration
Domain User Account
Dynamic Analysis Tool
Email
Email Attachment
Email Rule
Embedded Computer
Enclave
Encrypted Credential
Encrypted Password
Endpoint Sensor
Eval Function
Event Log
Exception Handler
Exec
Executable Binary
Executable File
Executable Script
External Content Inclusion Function
Fast Symbolic Link
File
File Hash
File Path Open Function
File Section
File Server
File Share Service
File System
File System Link
File System Metadata
File System Sensor
File Transfer Network Traffic
Finger Print Scanner Input Device
Firewall
Firmware
Firmware Sensor
First-stage Boot Loader
Flash Memory
Forward Proxy Server
Free Memory
Full Volume Snapshot
Get Open Sockets
Get Open Windows
Get Running Processes
Get Screen Capture
Get System Config Value
Get System Network Config Value
Get System Time
Get Thread Context
Global User Account
Graphical User Interface
Graphics Card Firmware
Graphics Processing Unit
Group Policy
HTML File
Hard Disk Firmware
Hard Link
Hardware Device
Hardware Driver
Heap Segment
Host
Host-based Firewall
Host Configuration Sensor
Host Group
Hostname
Human Input Device Firmware
I/O Module
IP Address
IPC Network Traffic
IP Phone
Identifier
Image Code Segment
Image Data Segment
Image Scanner Input Device
Image Segment
Impersonate User
Import Library Function
In-memory Password Store
Inbound Internet DNS Response Traffic
Inbound Internet Mail Traffic
Inbound Internet Network Traffic
Inbound Network Traffic
Init Script
Input Device
Input Function
Instant Messaging Client
Integration Test Execution Tool
Internet DNS Lookup
Internet File Transfer Traffic
Internet Network
Internet Network Traffic
Internet Persona
Interprocess Communication
Intranet Administrative Network Traffic
Intranet DNS Lookup
Intranet File Transfer Traffic
Intranet IPC Network Traffic
Intranet Multicast Network Traffic
Intranet Network
Intranet Network Traffic
Intranet RPC Network Traffic
Intranet Web Network Traffic
Intrusion Detection System
Intrusion Prevention System
Java Archive
JavaScript Blob
Job Schedule
Job Scheduler Software
Kerberos Ticket
Kerberos Ticket Granting Service Ticket
Kerberos Ticket Granting Ticket
Kerberos Ticket Granting Ticket Account
Kernel
Kernel API Sensor
Kernel Module
Kernel Process Table
Keyboard Input Device
Kiosk Computer
Laptop Computer
Legacy System
Link
Linux Clone
Linux Clone3
Linux Clone3 Argument CLONE_THREAD
Linux Clone Argument CLONE_THREAD
Linux Connect
Linux Creat
Linux Delete Module
Linux Execve
Linux Execveat
Linux Fork
Linux Init Module
Linux Kill Argument SIGKILL
Linux Mmap
Linux Mmap2
Linux Munmap
Linux Open Argument O_CREAT
Linux Open Argument O_RDONLY, O_WRONLY, O_RDWR
Linux OpenAt2 Argument O_CREAT
Linux OpenAt2 Argument O_RDONLY, O_WRONLY, O_RDWR
Linux OpenAt Argument O_CREAT
Linux OpenAt Argument O_RDONLY, O_WRONLY, O_RDWR
Linux Pause Process
Linux Pause Thread
Linux Ptrace Argument PTRACE_ATTACH
Linux Ptrace Argument PTRACE_CONT
Linux Ptrace Argument PTRACE_GETREGS
Linux Ptrace Argument PTRACE_INTERRUPT
Linux Ptrace Argument PTRACE_PEEKTEXT
Linux Ptrace Argument PTRACE_POKETEXT
Linux Ptrace Argument PTRACE_SETREGS
Linux Ptrace Argument PTRACE_DETACH
Linux Ptrace Argument PTRACE_TRACEME
Linux Read
Linux Readv
Linux Rename
Linux Renameat
Linux Renameat2
Linux Socket
Linux Socketcall Argument SYS_CONNECT
Linux Socketcall Argument SYS_SOCKET
Linux Time
Linux Unlink
Linux Unlinkat
Linux Vfork
Linux Write
Linux Writev
Linux _Exit
Load Module
Local Area Network
Local Area Network Traffic
Local Authentication Service
Local Authorization Service
Local Resource
Local Resource Access
Local User Account
Log
Log File
Log Message Function
Logical Link
Login Session
Logon User
MAC Address
MacOS Keychain
Mail Network Traffic
Mail Server
Mail Service
Mathematical Function
Media Server
Memory Address
Memory Address Space
Memory Allocation Function
Memory Block
Memory Extent
Memory Free Function
Memory Management Unit
Memory Management Unit Component
Memory Pool
Memory Protection Unit
Memory Word
Message Transfer Agent
Metadata
Microcode
Microsoft HTML Application
Mobile Phone
Modem
Mouse Input Device
Move File
Multimedia Document File
NTFS Hard Link
NTFS Junction Point
NTFS Link
NTFS Symbolic Link
Named Pipe
Network
Network Card Firmware
Network Directory Resource
Network File Resource
Network File Share Resource
Network Flow
Network Flow Sensor
Network Init Script File Resource
Network Interface Card
Network Link
Network Node
Network Packet
Network Printer
Network Protocol Analyzer
Network Resource
Network Resource Access
Network Scanner
Network Sensor
Network Service
Network Session
Network Time Server
Network Traffic
Network Traffic Analysis Software
OS API Access Process
OS API Allocate Memory
OS API Connect Socket
OS API Copy Token
OS API Create File
OS API Create Process
OS API Create Socket
OS API Create Thread
OS API Delete File
OS API Exec
OS API Free Memory
OS API Function
OS API Get System Time
OS API Get Thread Context
OS API Load Module
OS API Move File
OS API Open File
OS API Read File
OS API Read Memory
OS API Resume Process
OS API Resume Thread
OS API Save Registers
OS API Set Registers
OS API Set Thread Context
OS API Suspend Process
OS API Suspend Thread
OS API System Function
OS API Terminate Process
OS API Trace Process
OS API Trace Thread
OS API Unload Module
OS API Write File
OS API Write Memory
OT Actuator
OT Controller
OT Embedded Computer
OT I/O Module
OT Power Supply
OT Sensor
Object File
Office Application
Office Application File
Open File
Operating System
Operating System Configuration
Operating System Configuration Component
Operating System Configuration File
Operating System Executable File
Operating System File
Operating System Log File
Operating System Packaging Tool
Operating System Process
Operating System Shared Library File
Operations Center Computer
Optical Disc Image
Optical Modem
Orchestration Controller
Orchestration Server
Orchestration Worker
Outbound Internet DNS Lookup Traffic
Outbound Internet Encrypted Remote Terminal Traffic
Outbound Internet Encrypted Traffic
Outbound Internet Encrypted Web Traffic
Outbound Internet File Transfer Traffic
Outbound Internet Mail Traffic
Outbound Internet Network Traffic
Outbound Internet RPC Traffic
Outbound Internet Web Traffic
Outbound Network Traffic
Output Device
POSIX Symbolic Link
Packet Log
Page
Page Frame
Page Table
Parent Process
Partition
Partition Table
Password
Password Database
Password File
Password Manager
Password Store
Peripheral Firmware
Peripheral Hub Firmware
Personal Computer
Physical Address
Physical Link
Pipe
Pointer
Pointer Dereferencing Function
PowerShell Profile Script
Power Supply
Primary Storage
Print Server
Private Key
Privileged User Account
Process
Process Code Segment
Process Data Segment
Process Environment Variable
Process Image
Process Segment
Process Start Function
Process Tree
Processor
Processor Component
Processor Register
Property List File
Proxy Server
Public Key
Python Package
Python Script File
RAM
RDP Session
RF Node
RF Receiver
RF Transceiver
RF Transmitter
ROM
RPC Network Traffic
Radio Modem
Raw Memory Access Function
Read File
Read Memory
Record
Remote Authentication Service
Remote Authorization Service
Remote Command
Remote Database Query
Remote Login Session
Remote Procedure Call
Remote Resource
Remote Session
Remote Terminal Session
Removable Media Device
Repository
Resource
Resource Access
Resource Fork
Resume Process
Resume Thread
Reverse Proxy Server
Router
SSH Session
Save Registers
Saved Instruction Pointer
Scheduled Job
Script Application Process
Second-stage Boot Loader
Secondary Storage
Security Token
Sensor
Serialization Function
Server
Service Account
Service Application
Service Application Process
Service Dependency
Session
Session Cookie
Session Token
Set Registers
Set System Config Value
Set Thread Context
Shadow Stack
Shared Computer
Shared Library File
Shared Resource Access Function
Shim
Shim Database
Shortcut File
Slow Symbolic Link
Software
Software Artifact Server
Software Deployment Tool
Software Library
Software Library File
Software Package
Software Packaging Tool
Software Patch
Software Repository
Source Code Analyzer Tool
Stack Component
Stack Frame
Stack Frame Canary
Stack Segment
Startup Directory
Static Analysis Tool
Storage
Storage Image
Storage Snapshot
Stored Procedure
String Format Function
Subroutine
Suspend Process
Suspend Thread
Switch
Symbolic Link
Symmetric Key
System Call
System Config System Call
System Configuration Database
System Configuration Database Record
System Configuration Init Database Record
System Configuration Init Resource
System Dependency
System Firewall Configuration
System Firmware
System Init Configuration
System Init Process
System Init Script
System Password Database
System Service Software
System Software
System Startup Directory
System State Image
System Time Application
System Utilization Record
TFTP Network Traffic
TFTP Server
Tablet Computer
Terminate Process
Tertiary Storage
Test Execution Tool
Thin Client Computer
Thread
Thread Start Function
Ticket Granting Ticket
Trace Process
Trace Thread
Transducer Sensor
Translation Lookaside Buffer
Transport Link
Trust Store
URL
Unit Test Execution Tool
Unix Hard Link
Unix Link
Unload Module
User
User Account
User Action
User Application
User Behavior
User Group
User Init Configuration File
User Init Script
User Input Function
User Interface
User Logon Init Resource
User Process
User Profile
User Startup Directory
User Startup Script File
User to User Message
Utility Software
Virtual Machine Image
VPN Server
Version Control Tool
Video Input Device
Virtual Address
Virtual Memory Space
Virtualization Software
Volume
Volume Boot Record
Volume Snapshot
Web API Resource
Web Access Token
Web Application Firewall
Web Application Server
Web File Resource
Web Identity Token
Web Network Traffic
Web Resource
Web Resource Access
Web Script File
Web Server
Web Server Application
Wide Area Network
Windows OpenFile
Windows CreateFileA
Windows CreateProcessA
Windows CreateRemoteThread
Windows CreateThread
Windows DeleteFile
Windows DuplicateToken
Windows GetThreadContext
Windows NtGetThreadContext
Windows NtAllocateVirtualMemory
Windows NtAllocateVirtualMemoryEx
Windows NtCreateFile
Windows NtCreateMailslotFile
Windows NtCreateNamedPipeFile
Windows NtCreatePagingFile
Windows NtCreateProcess
Windows NtCreateProcessEx
Windows NtCreateThread
Windows NtCreateThreadEx
Windows NtDeleteFile
Windows NtDuplicateToken
Windows NtFlushInstructionCache
Windows NtFreeVirtualMemory
Windows NtOpenFile
Windows NtOpenProcess
Windows NtOpenThread
Windows NtProtectVirtualMemory
Windows NtQuerySystemTime
Windows NtReadFile
Windows NtReadFileScatter
Windows NtResumeThread
Windows NtSetInformationFile Argument FileDispositionInformation
Windows NtSetThreadContext
Windows NtSuspendProcess
Windows NtSuspendThread
Windows NtTerminateProcess
Windows NtWriteFile
Windows NtWriteFileGather
Windows NtWriteVirtualMemory
Windows OpenProcess
Windows OpenThread
Windows QueryPerformanceCounter
Windows ReadFile
Windows Registry
Windows Registry Key
Windows Registry Value
Windows ResumeThread
Windows SetThreadContext
Windows Shortcut File
Windows SuspendThread
Windows TerminateProcess
Windows VirtualAllocEx
Windows VirtualFree
Windows VirtualProtectEx
Windows WriteFile
Windows WriteProcessMemory
Wireless Access Point
Wireless Router
Write File
Write Memory
Zero Client Computer
Properties
id: d3f:File
- name
- File
- definition
- A file maintained in computer-readable form.
- see also
- http://wordnet-rdf.princeton.edu/id/06521201-n
Neighbors
graph LR; d3f:CreateFile["Create File"] --> | creates | d3f:File["File"]; class d3f:CreateFile inbound_node; style d3f:CreateFile fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:CreateFile href "/dao/artifact/d3f:CreateFile"; click d3f:File href "/dao/artifact/d3f:File";d3f:DeleteFile["Delete File"] --> | deletes | d3f:File["File"]; class d3f:DeleteFile inbound_node; style d3f:DeleteFile fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:DeleteFile href "/dao/artifact/d3f:DeleteFile"; click d3f:File href "/dao/artifact/d3f:File";d3f:Directory["Directory"] --> | may-contain | d3f:File["File"]; class d3f:Directory inbound_node; style d3f:Directory fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:Directory href "/dao/artifact/d3f:Directory"; click d3f:File href "/dao/artifact/d3f:File";d3f:Email["Email"] --> | may-contain | d3f:File["File"]; class d3f:Email inbound_node; style d3f:Email fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:Email href "/dao/artifact/d3f:Email"; click d3f:File href "/dao/artifact/d3f:File";d3f:FileHash["File Hash"] --> | identifies | d3f:File["File"]; class d3f:FileHash inbound_node; style d3f:FileHash fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:FileHash href "/dao/artifact/d3f:FileHash"; click d3f:File href "/dao/artifact/d3f:File";d3f:FilePathOpenFunction["File Path Open Function"] --> | accesses | d3f:File["File"]; class d3f:FilePathOpenFunction inbound_node; style d3f:FilePathOpenFunction fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:FilePathOpenFunction href "/dao/artifact/d3f:FilePathOpenFunction"; click d3f:File href "/dao/artifact/d3f:File";d3f:FileSystem["File System"] --> | contains | d3f:File["File"]; class d3f:FileSystem inbound_node; style d3f:FileSystem fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:FileSystem href "/dao/artifact/d3f:FileSystem"; click d3f:File href "/dao/artifact/d3f:File";d3f:FileSystemSensor["File System Sensor"] --> | monitors | d3f:File["File"]; class d3f:FileSystemSensor inbound_node; style d3f:FileSystemSensor fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:FileSystemSensor href "/dao/artifact/d3f:FileSystemSensor"; click d3f:File href "/dao/artifact/d3f:File";d3f:IntranetIPCNetworkTraffic["Intranet IPC Network Traffic"] --> | may-contain | d3f:File["File"]; class d3f:IntranetIPCNetworkTraffic inbound_node; style d3f:IntranetIPCNetworkTraffic fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:IntranetIPCNetworkTraffic href "/dao/artifact/d3f:IntranetIPCNetworkTraffic"; click d3f:File href "/dao/artifact/d3f:File";d3f:IntranetWebNetworkTraffic["Intranet Web Network Traffic"] --> | may-contain | d3f:File["File"]; class d3f:IntranetWebNetworkTraffic inbound_node; style d3f:IntranetWebNetworkTraffic fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:IntranetWebNetworkTraffic href "/dao/artifact/d3f:IntranetWebNetworkTraffic"; click d3f:File href "/dao/artifact/d3f:File";d3f:NetworkFileResource["Network File Resource"] --> | contains | d3f:File["File"]; class d3f:NetworkFileResource inbound_node; style d3f:NetworkFileResource fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:NetworkFileResource href "/dao/artifact/d3f:NetworkFileResource"; click d3f:File href "/dao/artifact/d3f:File";d3f:OpenFile["Open File"] --> | accesses | d3f:File["File"]; class d3f:OpenFile inbound_node; style d3f:OpenFile fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:OpenFile href "/dao/artifact/d3f:OpenFile"; click d3f:File href "/dao/artifact/d3f:File";d3f:OutboundInternetFileTransferTraffic["Outbound Internet File Transfer Traffic"] --> | contains | d3f:File["File"]; class d3f:OutboundInternetFileTransferTraffic inbound_node; style d3f:OutboundInternetFileTransferTraffic fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:OutboundInternetFileTransferTraffic href "/dao/artifact/d3f:OutboundInternetFileTransferTraffic"; click d3f:File href "/dao/artifact/d3f:File";d3f:ReadFile["Read File"] --> | reads | d3f:File["File"]; class d3f:ReadFile inbound_node; style d3f:ReadFile fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:ReadFile href "/dao/artifact/d3f:ReadFile"; click d3f:File href "/dao/artifact/d3f:File";d3f:SymbolicLink["Symbolic Link"] --> | addresses | d3f:File["File"]; class d3f:SymbolicLink inbound_node; style d3f:SymbolicLink fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:SymbolicLink href "/dao/artifact/d3f:SymbolicLink"; click d3f:File href "/dao/artifact/d3f:File";d3f:WriteFile["Write File"] --> | modifies | d3f:File["File"]; class d3f:WriteFile inbound_node; style d3f:WriteFile fill:#fff4dd; class d3f:File RootArtifactNode; style d3f:File fill:#fff4dd; click d3f:WriteFile href "/dao/artifact/d3f:WriteFile"; click d3f:File href "/dao/artifact/d3f:File"; d3f:File["File"] --> | may-contain | d3f:File["File"]; class d3f:File RootArtifactNode; class d3f:File ArtifactNode; click d3f:File href "/dao/artifact/d3f:File"; click d3f:File href "/dao/artifact/d3f:File";d3f:File["File"] --> | may-contain | d3f:URL["URL"]; class d3f:File RootArtifactNode; class d3f:URL ArtifactNode; click d3f:File href "/dao/artifact/d3f:File"; click d3f:URL href "/dao/artifact/d3f:URL";d3f:File["File"] --> | contains | d3f:FileSection["File Section"]; class d3f:File RootArtifactNode; class d3f:FileSection ArtifactNode; click d3f:File href "/dao/artifact/d3f:File"; click d3f:FileSection href "/dao/artifact/d3f:FileSection";
Inferred Relationships
Hierarchy
(filtered)
Related Countermeasure Techniques
graph LR; CertificateAnalysis["Certificate Analysis"] --> | analyzes | CertificateFile["Certificate File"]; class CertificateAnalysis DefensiveTechniqueNode; class CertificateFile ArtifactNode; click CertificateAnalysis href "/technique/d3f:CertificateAnalysis"; click CertificateFile href "/dao/artifact/d3f:CertificateFile";DynamicAnalysis["Dynamic Analysis"] --> | analyzes | DocumentFile["Document File"]; class DynamicAnalysis DefensiveTechniqueNode; class DocumentFile ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; click DocumentFile href "/dao/artifact/d3f:DocumentFile";EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | DocumentFile["Document File"]; class EmulatedFileAnalysis DefensiveTechniqueNode; class DocumentFile ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; click DocumentFile href "/dao/artifact/d3f:DocumentFile";EmailRemoval["Email Removal"] --> | deletes | Email["Email"]; class EmailRemoval DefensiveTechniqueNode; class Email ArtifactNode; click EmailRemoval href "/technique/d3f:EmailRemoval"; click Email href "/dao/artifact/d3f:Email";SenderMTAReputationAnalysis["Sender MTA Reputation Analysis"] --> | analyzes | Email["Email"]; class SenderMTAReputationAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click SenderMTAReputationAnalysis href "/technique/d3f:SenderMTAReputationAnalysis"; click Email href "/dao/artifact/d3f:Email";SenderReputationAnalysis["Sender Reputation Analysis"] --> | analyzes | Email["Email"]; class SenderReputationAnalysis DefensiveTechniqueNode; class Email ArtifactNode; click SenderReputationAnalysis href "/technique/d3f:SenderReputationAnalysis"; click Email href "/dao/artifact/d3f:Email";HomoglyphDetection["Homoglyph Detection"] --> | analyzes | Email["Email"]; class HomoglyphDetection DefensiveTechniqueNode; class Email ArtifactNode; click HomoglyphDetection href "/technique/d3f:HomoglyphDetection"; click Email href "/dao/artifact/d3f:Email";RestoreEmail["Restore Email"] --> | restores | Email["Email"]; class RestoreEmail DefensiveTechniqueNode; class Email ArtifactNode; click RestoreEmail href "/technique/d3f:RestoreEmail"; click Email href "/dao/artifact/d3f:Email";EmailFiltering["Email Filtering"] --> | filters | Email["Email"]; class EmailFiltering DefensiveTechniqueNode; class Email ArtifactNode; click EmailFiltering href "/technique/d3f:EmailFiltering"; click Email href "/dao/artifact/d3f:Email";ExecutableAllowlisting["Executable Allowlisting"] --> | blocks | ExecutableFile["Executable File"]; class ExecutableAllowlisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";ExecutableDenylisting["Executable Denylisting"] --> | blocks | ExecutableFile["Executable File"]; class ExecutableDenylisting DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";EmulatedFileAnalysis["Emulated File Analysis"] --> | analyzes | ExecutableFile["Executable File"]; class EmulatedFileAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click EmulatedFileAnalysis href "/technique/d3f:EmulatedFileAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";DynamicAnalysis["Dynamic Analysis"] --> | analyzes | ExecutableFile["Executable File"]; class DynamicAnalysis DefensiveTechniqueNode; class ExecutableFile ArtifactNode; click DynamicAnalysis href "/technique/d3f:DynamicAnalysis"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";FileIntegrityMonitoring["File Integrity Monitoring"] --> | analyzes | File["File"]; class FileIntegrityMonitoring DefensiveTechniqueNode; class File ArtifactNode; click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; click File href "/dao/artifact/d3f:File";FileEviction["File Eviction"] --> | deletes | File["File"]; class FileEviction DefensiveTechniqueNode; class File ArtifactNode; click FileEviction href "/technique/d3f:FileEviction"; click File href "/dao/artifact/d3f:File";FileAnalysis["File Analysis"] --> | analyzes | File["File"]; class FileAnalysis DefensiveTechniqueNode; class File ArtifactNode; click FileAnalysis href "/technique/d3f:FileAnalysis"; click File href "/dao/artifact/d3f:File";RemoteFileAccessMediation["Remote File Access Mediation"] --> | isolates | File["File"]; class RemoteFileAccessMediation DefensiveTechniqueNode; class File ArtifactNode; click RemoteFileAccessMediation href "/technique/d3f:RemoteFileAccessMediation"; click File href "/dao/artifact/d3f:File";FileEncryption["File Encryption"] --> | encrypts | File["File"]; class FileEncryption DefensiveTechniqueNode; class File ArtifactNode; click FileEncryption href "/technique/d3f:FileEncryption"; click File href "/dao/artifact/d3f:File";LocalFilePermissions["Local File Permissions"] --> | restricts | File["File"]; class LocalFilePermissions DefensiveTechniqueNode; class File ArtifactNode; click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; click File href "/dao/artifact/d3f:File";DecoyFile["Decoy File"] --> | spoofs | File["File"]; class DecoyFile DefensiveTechniqueNode; class File ArtifactNode; click DecoyFile href "/technique/d3f:DecoyFile"; click File href "/dao/artifact/d3f:File";RestoreFile["Restore File"] --> | restores | File["File"]; class RestoreFile DefensiveTechniqueNode; class File ArtifactNode; click RestoreFile href "/technique/d3f:RestoreFile"; click File href "/dao/artifact/d3f:File";SystemFileAnalysis["System File Analysis"] --> | analyzes | OperatingSystemFile["Operating System File"]; class SystemFileAnalysis DefensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click SystemFileAnalysis href "/technique/d3f:SystemFileAnalysis"; click OperatingSystemFile href "/dao/artifact/d3f:OperatingSystemFile";UserSessionInitConfigAnalysis["User Session Init Config Analysis"] --> | analyzes | UserInitConfigurationFile["User Init Configuration File"]; class UserSessionInitConfigAnalysis DefensiveTechniqueNode; class UserInitConfigurationFile ArtifactNode; click UserSessionInitConfigAnalysis href "/technique/d3f:UserSessionInitConfigAnalysis"; click UserInitConfigurationFile href "/dao/artifact/d3f:UserInitConfigurationFile";
Related Weaknesses
File
has no related weaknesses in this release. Related Offensive Techniques
graph LR; T1547007["Re-opened Applications"] --> |modifies| ApplicationConfigurationFile["Application Configuration File"]; class T1547007 OffensiveTechniqueNode; class ApplicationConfigurationFile ArtifactNode; click T1547007 href "/offensive-technique/attack/T1547.007/"; click ApplicationConfigurationFile href "/dao/artifact/d3f:ApplicationConfigurationFile";T1547011["Plist Modification"] --> |modifies| ApplicationConfigurationFile["Application Configuration File"]; class T1547011 OffensiveTechniqueNode; class ApplicationConfigurationFile ArtifactNode; click T1547011 href "/offensive-technique/attack/T1547.011/"; click ApplicationConfigurationFile href "/dao/artifact/d3f:ApplicationConfigurationFile";T1560["Archive Collected Data"] --> |creates| ArchiveFile["Archive File"]; class T1560 OffensiveTechniqueNode; class ArchiveFile ArtifactNode; click T1560 href "/offensive-technique/attack/T1560/"; click ArchiveFile href "/dao/artifact/d3f:ArchiveFile";T1560001["Archive via Utility"] --> |creates| ArchiveFile["Archive File"]; class T1560001 OffensiveTechniqueNode; class ArchiveFile ArtifactNode; click T1560001 href "/offensive-technique/attack/T1560.001/"; click ArchiveFile href "/dao/artifact/d3f:ArchiveFile";T1560002["Archive via Library"] --> |creates| ArchiveFile["Archive File"]; class T1560002 OffensiveTechniqueNode; class ArchiveFile ArtifactNode; click T1560002 href "/offensive-technique/attack/T1560.002/"; click ArchiveFile href "/dao/artifact/d3f:ArchiveFile";T1071["Application Layer Protocol"] --> |may-transfer| CertificateFile["Certificate File"]; class T1071 OffensiveTechniqueNode; class CertificateFile ArtifactNode; click T1071 href "/offensive-technique/attack/T1071/"; click CertificateFile href "/dao/artifact/d3f:CertificateFile";T1041["Exfiltration Over C2 Channel"] --> |may-transfer| CertificateFile["Certificate File"]; class T1041 OffensiveTechniqueNode; class CertificateFile ArtifactNode; click T1041 href "/offensive-technique/attack/T1041/"; click CertificateFile href "/dao/artifact/d3f:CertificateFile";T1048002["Exfiltration Over Asymmetric Encrypted Non-C2 Protocol"] --> |may-transfer| CertificateFile["Certificate File"]; class T1048002 OffensiveTechniqueNode; class CertificateFile ArtifactNode; click T1048002 href "/offensive-technique/attack/T1048.002/"; click CertificateFile href "/dao/artifact/d3f:CertificateFile";T1071001["Web Protocols"] --> |may-transfer| CertificateFile["Certificate File"]; class T1071001 OffensiveTechniqueNode; class CertificateFile ArtifactNode; click T1071001 href "/offensive-technique/attack/T1071.001/"; click CertificateFile href "/dao/artifact/d3f:CertificateFile";T1573002["Asymmetric Cryptography"] --> |may-transfer| CertificateFile["Certificate File"]; class T1573002 OffensiveTechniqueNode; class CertificateFile ArtifactNode; click T1573002 href "/offensive-technique/attack/T1573.002/"; click CertificateFile href "/dao/artifact/d3f:CertificateFile";T1552003["Bash History"] --> |accesses| CommandHistoryLogFile["Command History Log File"]; class T1552003 OffensiveTechniqueNode; class CommandHistoryLogFile ArtifactNode; click T1552003 href "/offensive-technique/attack/T1552.003/"; click CommandHistoryLogFile href "/dao/artifact/d3f:CommandHistoryLogFile";T1127001["MSBuild"] --> |modifies| CompilerConfigurationFile["Compiler Configuration File"]; class T1127001 OffensiveTechniqueNode; class CompilerConfigurationFile ArtifactNode; click T1127001 href "/offensive-technique/attack/T1127.001/"; click CompilerConfigurationFile href "/dao/artifact/d3f:CompilerConfigurationFile";T1560003["Archive via Custom Method"] --> |creates| CustomArchiveFile["Custom Archive File"]; class T1560003 OffensiveTechniqueNode; class CustomArchiveFile ArtifactNode; click T1560003 href "/offensive-technique/attack/T1560.003/"; click CustomArchiveFile href "/dao/artifact/d3f:CustomArchiveFile";T1555003["Credentials from Web Browsers"] --> |accesses| DatabaseFile["Database File"]; class T1555003 OffensiveTechniqueNode; class DatabaseFile ArtifactNode; click T1555003 href "/offensive-technique/attack/T1555.003/"; click DatabaseFile href "/dao/artifact/d3f:DatabaseFile";T1555["Credentials from Password Stores"] --> |may-access| DatabaseFile["Database File"]; class T1555 OffensiveTechniqueNode; class DatabaseFile ArtifactNode; click T1555 href "/offensive-technique/attack/T1555/"; click DatabaseFile href "/dao/artifact/d3f:DatabaseFile";T1534["Internal Spearphishing"] --> |produces| Email["Email"]; class T1534 OffensiveTechniqueNode; class Email ArtifactNode; click T1534 href "/offensive-technique/attack/T1534/"; click Email href "/dao/artifact/d3f:Email";T1566001["Spearphishing Attachment"] --> |produces| Email["Email"]; class T1566001 OffensiveTechniqueNode; class Email ArtifactNode; click T1566001 href "/offensive-technique/attack/T1566.001/"; click Email href "/dao/artifact/d3f:Email";T1566002["Spearphishing Link"] --> |produces| Email["Email"]; class T1566002 OffensiveTechniqueNode; class Email ArtifactNode; click T1566002 href "/offensive-technique/attack/T1566.002/"; click Email href "/dao/artifact/d3f:Email";T1114001["Local Email Collection"] --> |reads| Email["Email"]; class T1114001 OffensiveTechniqueNode; class Email ArtifactNode; click T1114001 href "/offensive-technique/attack/T1114.001/"; click Email href "/dao/artifact/d3f:Email";T1546015["Component Object Model Hijacking"] --> |loads| ExecutableBinary["Executable Binary"]; class T1546015 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click T1546015 href "/offensive-technique/attack/T1546.015/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546008["Accessibility Features"] --> |may-modify| ExecutableBinary["Executable Binary"]; class T1546008 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click T1546008 href "/offensive-technique/attack/T1546.008/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1036001["Invalid Code Signature"] --> |creates| ExecutableBinary["Executable Binary"]; class T1036001 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click T1036001 href "/offensive-technique/attack/T1036.001/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1055003["Thread Execution Hijacking"] --> |may-add| ExecutableBinary["Executable Binary"]; class T1055003 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click T1055003 href "/offensive-technique/attack/T1055.003/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1027001["Binary Padding"] --> |modifies| ExecutableBinary["Executable Binary"]; class T1027001 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click T1027001 href "/offensive-technique/attack/T1027.001/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1546006["LC_LOAD_DYLIB Addition"] --> |modifies| ExecutableBinary["Executable Binary"]; class T1546006 OffensiveTechniqueNode; class ExecutableBinary ArtifactNode; click T1546006 href "/offensive-technique/attack/T1546.006/"; click ExecutableBinary href "/dao/artifact/d3f:ExecutableBinary";T1027004["Compile After Delivery"] --> |creates| ExecutableFile["Executable File"]; class T1027004 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1027004 href "/offensive-technique/attack/T1027.004/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1546002["Screensaver"] --> |creates| ExecutableFile["Executable File"]; class T1546002 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1546002 href "/offensive-technique/attack/T1546.002/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1574007["Path Interception by PATH Environment Variable"] --> |creates| ExecutableFile["Executable File"]; class T1574007 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1574007 href "/offensive-technique/attack/T1574.007/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1574008["Path Interception by Search Order Hijacking"] --> |creates| ExecutableFile["Executable File"]; class T1574008 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1574008 href "/offensive-technique/attack/T1574.008/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1574009["Path Interception by Unquoted Path"] --> |creates| ExecutableFile["Executable File"]; class T1574009 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1574009 href "/offensive-technique/attack/T1574.009/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1204002["Malicious File"] --> |executes| ExecutableFile["Executable File"]; class T1204002 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1204002 href "/offensive-technique/attack/T1204.002/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1548002["Bypass User Account Control"] --> |executes| ExecutableFile["Executable File"]; class T1548002 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1548002 href "/offensive-technique/attack/T1548.002/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1140["Deobfuscate/Decode Files or Information"] --> |may-add| ExecutableFile["Executable File"]; class T1140 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1140 href "/offensive-technique/attack/T1140/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1036003["Rename System Utilities"] --> |may-create| ExecutableFile["Executable File"]; class T1036003 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1036003 href "/offensive-technique/attack/T1036.003/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1565003["Runtime Data Manipulation"] --> |may-modify| ExecutableFile["Executable File"]; class T1565003 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1565003 href "/offensive-technique/attack/T1565.003/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1027002["Software Packing"] --> |obfuscates| ExecutableFile["Executable File"]; class T1027002 OffensiveTechniqueNode; class ExecutableFile ArtifactNode; click T1027002 href "/offensive-technique/attack/T1027.002/"; click ExecutableFile href "/dao/artifact/d3f:ExecutableFile";T1059["Command and Scripting Interpreter"] --> |executes| ExecutableScript["Executable Script"]; class T1059 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1059 href "/offensive-technique/attack/T1059/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1220["XSL Script Processing"] --> |interprets| ExecutableScript["Executable Script"]; class T1220 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1220 href "/offensive-technique/attack/T1220/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1137001["Office Template Macros"] --> |may-add| ExecutableScript["Executable Script"]; class T1137001 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1137001 href "/offensive-technique/attack/T1137.001/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1546005["Trap"] --> |may-create| ExecutableScript["Executable Script"]; class T1546005 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1546005 href "/offensive-technique/attack/T1546.005/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1016["System Network Configuration Discovery"] --> |may-execute| ExecutableScript["Executable Script"]; class T1016 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1016 href "/offensive-technique/attack/T1016/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1546005["Trap"] --> |may-modify| ExecutableScript["Executable Script"]; class T1546005 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1546005 href "/offensive-technique/attack/T1546.005/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1137001["Office Template Macros"] --> |may-modify| ExecutableScript["Executable Script"]; class T1137001 OffensiveTechniqueNode; class ExecutableScript ArtifactNode; click T1137001 href "/offensive-technique/attack/T1137.001/"; click ExecutableScript href "/dao/artifact/d3f:ExecutableScript";T1005["Data from Local System"] --> |accesses| File["File"]; class T1005 OffensiveTechniqueNode; class File ArtifactNode; click T1005 href "/offensive-technique/attack/T1005/"; click File href "/dao/artifact/d3f:File";T1119["Automated Collection"] --> |accesses| File["File"]; class T1119 OffensiveTechniqueNode; class File ArtifactNode; click T1119 href "/offensive-technique/attack/T1119/"; click File href "/dao/artifact/d3f:File";T1083["File and Directory Discovery"] --> |accesses| File["File"]; class T1083 OffensiveTechniqueNode; class File ArtifactNode; click T1083 href "/offensive-technique/attack/T1083/"; click File href "/dao/artifact/d3f:File";T1552001["Credentials In Files"] --> |accesses| File["File"]; class T1552001 OffensiveTechniqueNode; class File ArtifactNode; click T1552001 href "/offensive-technique/attack/T1552.001/"; click File href "/dao/artifact/d3f:File";T1072["Software Deployment Tools"] --> |adds| File["File"]; class T1072 OffensiveTechniqueNode; class File ArtifactNode; click T1072 href "/offensive-technique/attack/T1072/"; click File href "/dao/artifact/d3f:File";T1220["XSL Script Processing"] --> |adds| File["File"]; class T1220 OffensiveTechniqueNode; class File ArtifactNode; click T1220 href "/offensive-technique/attack/T1220/"; click File href "/dao/artifact/d3f:File";T1036006["Space after Filename"] --> |creates| File["File"]; class T1036006 OffensiveTechniqueNode; class File ArtifactNode; click T1036006 href "/offensive-technique/attack/T1036.006/"; click File href "/dao/artifact/d3f:File";T1564006["Run Virtual Instance"] --> |creates| File["File"]; class T1564006 OffensiveTechniqueNode; class File ArtifactNode; click T1564006 href "/offensive-technique/attack/T1564.006/"; click File href "/dao/artifact/d3f:File";T1070004["File Deletion"] --> |deletes| File["File"]; class T1070004 OffensiveTechniqueNode; class File ArtifactNode; click T1070004 href "/offensive-technique/attack/T1070.004/"; click File href "/dao/artifact/d3f:File";T1036005["Match Legitimate Name or Location"] --> |may-create| File["File"]; class T1036005 OffensiveTechniqueNode; class File ArtifactNode; click T1036005 href "/offensive-technique/attack/T1036.005/"; click File href "/dao/artifact/d3f:File";T1074001["Local Data Staging"] --> |may-create| File["File"]; class T1074001 OffensiveTechniqueNode; class File ArtifactNode; click T1074001 href "/offensive-technique/attack/T1074.001/"; click File href "/dao/artifact/d3f:File";T1070004["File Deletion"] --> |may-modify| File["File"]; class T1070004 OffensiveTechniqueNode; class File ArtifactNode; click T1070004 href "/offensive-technique/attack/T1070.004/"; click File href "/dao/artifact/d3f:File";T1565001["Stored Data Manipulation"] --> |modifies| File["File"]; class T1565001 OffensiveTechniqueNode; class File ArtifactNode; click T1565001 href "/offensive-technique/attack/T1565.001/"; click File href "/dao/artifact/d3f:File";T1566003["Spearphishing via Service"] --> |produces| File["File"]; class T1566003 OffensiveTechniqueNode; class File ArtifactNode; click T1566003 href "/offensive-technique/attack/T1566.003/"; click File href "/dao/artifact/d3f:File";T1547006["Kernel Modules and Extensions"] --> |modifies| KernelModule["Kernel Module"]; class T1547006 OffensiveTechniqueNode; class KernelModule ArtifactNode; click T1547006 href "/offensive-technique/attack/T1547.006/"; click KernelModule href "/dao/artifact/d3f:KernelModule";T1014["Rootkit"] --> |may-modify| KernelModule["Kernel Module"]; class T1014 OffensiveTechniqueNode; class KernelModule ArtifactNode; click T1014 href "/offensive-technique/attack/T1014/"; click KernelModule href "/dao/artifact/d3f:KernelModule";T1218005["Mshta"] --> |interprets| MicrosoftHTMLApplication["Microsoft HTML Application"]; class T1218005 OffensiveTechniqueNode; class MicrosoftHTMLApplication ArtifactNode; click T1218005 href "/offensive-technique/attack/T1218.005/"; click MicrosoftHTMLApplication href "/dao/artifact/d3f:MicrosoftHTMLApplication";T1037003["Network Logon Script"] --> |modifies| NetworkInitScriptFileResource["Network Init Script File Resource"]; class T1037003 OffensiveTechniqueNode; class NetworkInitScriptFileResource ArtifactNode; click T1037003 href "/offensive-technique/attack/T1037.003/"; click NetworkInitScriptFileResource href "/dao/artifact/d3f:NetworkInitScriptFileResource";T1055002["Portable Executable Injection"] --> |may-add| ObjectFile["Object File"]; class T1055002 OffensiveTechniqueNode; class ObjectFile ArtifactNode; click T1055002 href "/offensive-technique/attack/T1055.002/"; click ObjectFile href "/dao/artifact/d3f:ObjectFile";T1137003["Outlook Forms"] --> |adds| OfficeApplicationFile["Office Application File"]; class T1137003 OffensiveTechniqueNode; class OfficeApplicationFile ArtifactNode; click T1137003 href "/offensive-technique/attack/T1137.003/"; click OfficeApplicationFile href "/dao/artifact/d3f:OfficeApplicationFile";T1564007["VBA Stomping"] --> |modifies| OfficeApplicationFile["Office Application File"]; class T1564007 OffensiveTechniqueNode; class OfficeApplicationFile ArtifactNode; click T1564007 href "/offensive-technique/attack/T1564.007/"; click OfficeApplicationFile href "/dao/artifact/d3f:OfficeApplicationFile";T1018["Remote System Discovery"] --> |may-access| OperatingSystemConfigurationFile["Operating System Configuration File"]; class T1018 OffensiveTechniqueNode; class OperatingSystemConfigurationFile ArtifactNode; click T1018 href "/offensive-technique/attack/T1018/"; click OperatingSystemConfigurationFile href "/dao/artifact/d3f:OperatingSystemConfigurationFile";T1543002["Systemd Service"] --> |may-create| OperatingSystemConfigurationFile["Operating System Configuration File"]; class T1543002 OffensiveTechniqueNode; class OperatingSystemConfigurationFile ArtifactNode; click T1543002 href "/offensive-technique/attack/T1543.002/"; click OperatingSystemConfigurationFile href "/dao/artifact/d3f:OperatingSystemConfigurationFile";T1543002["Systemd Service"] --> |may-modify| OperatingSystemConfigurationFile["Operating System Configuration File"]; class T1543002 OffensiveTechniqueNode; class OperatingSystemConfigurationFile ArtifactNode; click T1543002 href "/offensive-technique/attack/T1543.002/"; click OperatingSystemConfigurationFile href "/dao/artifact/d3f:OperatingSystemConfigurationFile";T1556003["Pluggable Authentication Modules"] --> |may-modify| OperatingSystemConfigurationFile["Operating System Configuration File"]; class T1556003 OffensiveTechniqueNode; class OperatingSystemConfigurationFile ArtifactNode; click T1556003 href "/offensive-technique/attack/T1556.003/"; click OperatingSystemConfigurationFile href "/dao/artifact/d3f:OperatingSystemConfigurationFile";T1574006["Dynamic Linker Hijacking"] --> |modifies| OperatingSystemConfigurationFile["Operating System Configuration File"]; class T1574006 OffensiveTechniqueNode; class OperatingSystemConfigurationFile ArtifactNode; click T1574006 href "/offensive-technique/attack/T1574.006/"; click OperatingSystemConfigurationFile href "/dao/artifact/d3f:OperatingSystemConfigurationFile";T1548003["Sudo and Sudo Caching"] --> |modifies| OperatingSystemConfigurationFile["Operating System Configuration File"]; class T1548003 OffensiveTechniqueNode; class OperatingSystemConfigurationFile ArtifactNode; click T1548003 href "/offensive-technique/attack/T1548.003/"; click OperatingSystemConfigurationFile href "/dao/artifact/d3f:OperatingSystemConfigurationFile";T1036003["Rename System Utilities"] --> |may-modify| OperatingSystemExecutableFile["Operating System Executable File"]; class T1036003 OffensiveTechniqueNode; class OperatingSystemExecutableFile ArtifactNode; click T1036003 href "/offensive-technique/attack/T1036.003/"; click OperatingSystemExecutableFile href "/dao/artifact/d3f:OperatingSystemExecutableFile";T1003007["Proc Filesystem"] --> |accesses| OperatingSystemFile["Operating System File"]; class T1003007 OffensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click T1003007 href "/offensive-technique/attack/T1003.007/"; click OperatingSystemFile href "/dao/artifact/d3f:OperatingSystemFile";T1055009["Proc Memory"] --> |accesses| OperatingSystemFile["Operating System File"]; class T1055009 OffensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click T1055009 href "/offensive-technique/attack/T1055.009/"; click OperatingSystemFile href "/dao/artifact/d3f:OperatingSystemFile";T1055009["Proc Memory"] --> |may-modify| OperatingSystemFile["Operating System File"]; class T1055009 OffensiveTechniqueNode; class OperatingSystemFile ArtifactNode; click T1055009 href "/offensive-technique/attack/T1055.009/"; click OperatingSystemFile href "/dao/artifact/d3f:OperatingSystemFile";T1070002["Clear Linux or Mac System Logs"] --> |modifies| OperatingSystemLogFile["Operating System Log File"]; class T1070002 OffensiveTechniqueNode; class OperatingSystemLogFile ArtifactNode; click T1070002 href "/offensive-technique/attack/T1070.002/"; click OperatingSystemLogFile href "/dao/artifact/d3f:OperatingSystemLogFile";T1556003["Pluggable Authentication Modules"] --> |may-modify| OperatingSystemSharedLibraryFile["Operating System Shared Library File"]; class T1556003 OffensiveTechniqueNode; class OperatingSystemSharedLibraryFile ArtifactNode; click T1556003 href "/offensive-technique/attack/T1556.003/"; click OperatingSystemSharedLibraryFile href "/dao/artifact/d3f:OperatingSystemSharedLibraryFile";T1003008["/etc/passwd and /etc/shadow"] --> |accesses| PasswordFile["Password File"]; class T1003008 OffensiveTechniqueNode; class PasswordFile ArtifactNode; click T1003008 href "/offensive-technique/attack/T1003.008/"; click PasswordFile href "/dao/artifact/d3f:PasswordFile";T1033["System Owner/User Discovery"] --> |may-access| PasswordFile["Password File"]; class T1033 OffensiveTechniqueNode; class PasswordFile ArtifactNode; click T1033 href "/offensive-technique/attack/T1033/"; click PasswordFile href "/dao/artifact/d3f:PasswordFile";T1546013["PowerShell Profile"] --> |modifies| PowerShellProfileScript["PowerShell Profile Script"]; class T1546013 OffensiveTechniqueNode; class PowerShellProfileScript ArtifactNode; click T1546013 href "/offensive-technique/attack/T1546.013/"; click PowerShellProfileScript href "/dao/artifact/d3f:PowerShellProfileScript";T1053004["Launchd"] --> |creates| PropertyListFile["Property List File"]; class T1053004 OffensiveTechniqueNode; class PropertyListFile ArtifactNode; click T1053004 href "/offensive-technique/attack/T1053.004/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";T1543001["Launch Agent"] --> |creates| PropertyListFile["Property List File"]; class T1543001 OffensiveTechniqueNode; class PropertyListFile ArtifactNode; click T1543001 href "/offensive-technique/attack/T1543.001/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";T1546014["Emond"] --> |may-create| PropertyListFile["Property List File"]; class T1546014 OffensiveTechniqueNode; class PropertyListFile ArtifactNode; click T1546014 href "/offensive-technique/attack/T1546.014/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";T1546014["Emond"] --> |may-modify| PropertyListFile["Property List File"]; class T1546014 OffensiveTechniqueNode; class PropertyListFile ArtifactNode; click T1546014 href "/offensive-technique/attack/T1546.014/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";T1564003["Hidden Window"] --> |may-modify| PropertyListFile["Property List File"]; class T1564003 OffensiveTechniqueNode; class PropertyListFile ArtifactNode; click T1564003 href "/offensive-technique/attack/T1564.003/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";T1543004["Launch Daemon"] --> |modifies| PropertyListFile["Property List File"]; class T1543004 OffensiveTechniqueNode; class PropertyListFile ArtifactNode; click T1543004 href "/offensive-technique/attack/T1543.004/"; click PropertyListFile href "/dao/artifact/d3f:PropertyListFile";T1055014["VDSO Hijacking"] --> |accesses| SharedLibraryFile["Shared Library File"]; class T1055014 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1055014 href "/offensive-technique/attack/T1055.014/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1055001["Dynamic-link Library Injection"] --> |adds| SharedLibraryFile["Shared Library File"]; class T1055001 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1055001 href "/offensive-technique/attack/T1055.001/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1574012["COR_PROFILER"] --> |adds| SharedLibraryFile["Shared Library File"]; class T1574012 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1574012 href "/offensive-technique/attack/T1574.012/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1556002["Password Filter DLL"] --> |creates| SharedLibraryFile["Shared Library File"]; class T1556002 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1556002 href "/offensive-technique/attack/T1556.002/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1055001["Dynamic-link Library Injection"] --> |loads| SharedLibraryFile["Shared Library File"]; class T1055001 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1055001 href "/offensive-technique/attack/T1055.001/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1546009["AppCert DLLs"] --> |loads| SharedLibraryFile["Shared Library File"]; class T1546009 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1546009 href "/offensive-technique/attack/T1546.009/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1546010["AppInit DLLs"] --> |loads| SharedLibraryFile["Shared Library File"]; class T1546010 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1546010 href "/offensive-technique/attack/T1546.010/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1218011["Rundll32"] --> |loads| SharedLibraryFile["Shared Library File"]; class T1218011 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1218011 href "/offensive-technique/attack/T1218.011/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1574001["DLL Search Order Hijacking"] --> |may-create| SharedLibraryFile["Shared Library File"]; class T1574001 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1574001 href "/offensive-technique/attack/T1574.001/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1574002["DLL Side-Loading"] --> |may-create| SharedLibraryFile["Shared Library File"]; class T1574002 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1574002 href "/offensive-technique/attack/T1574.002/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1574004["Dylib Hijacking"] --> |may-create| SharedLibraryFile["Shared Library File"]; class T1574004 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1574004 href "/offensive-technique/attack/T1574.004/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1547008["LSASS Driver"] --> |may-create| SharedLibraryFile["Shared Library File"]; class T1547008 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1547008 href "/offensive-technique/attack/T1547.008/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1014["Rootkit"] --> |may-modify| SharedLibraryFile["Shared Library File"]; class T1014 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1014 href "/offensive-technique/attack/T1014/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1574002["DLL Side-Loading"] --> |may-modify| SharedLibraryFile["Shared Library File"]; class T1574002 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1574002 href "/offensive-technique/attack/T1574.002/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1574004["Dylib Hijacking"] --> |may-modify| SharedLibraryFile["Shared Library File"]; class T1574004 OffensiveTechniqueNode; class SharedLibraryFile ArtifactNode; click T1574004 href "/offensive-technique/attack/T1574.004/"; click SharedLibraryFile href "/dao/artifact/d3f:SharedLibraryFile";T1547009["Shortcut Modification"] --> |may-modify| SymbolicLink["Symbolic Link"]; class T1547009 OffensiveTechniqueNode; class SymbolicLink ArtifactNode; click T1547009 href "/offensive-technique/attack/T1547.009/"; click SymbolicLink href "/dao/artifact/d3f:SymbolicLink";T1037004["RC Scripts"] --> |modifies| SystemInitScript["System Init Script"]; class T1037004 OffensiveTechniqueNode; class SystemInitScript ArtifactNode; click T1037004 href "/offensive-technique/attack/T1037.004/"; click SystemInitScript href "/dao/artifact/d3f:SystemInitScript";T1546004["Unix Shell Configuration Modification"] --> |modifies| UserInitConfigurationFile["User Init Configuration File"]; class T1546004 OffensiveTechniqueNode; class UserInitConfigurationFile ArtifactNode; click T1546004 href "/offensive-technique/attack/T1546.004/"; click UserInitConfigurationFile href "/dao/artifact/d3f:UserInitConfigurationFile";T1564002["Hidden Users"] --> |modifies| UserInitConfigurationFile["User Init Configuration File"]; class T1564002 OffensiveTechniqueNode; class UserInitConfigurationFile ArtifactNode; click T1564002 href "/offensive-technique/attack/T1564.002/"; click UserInitConfigurationFile href "/dao/artifact/d3f:UserInitConfigurationFile";T1562003["Impair Command History Logging"] --> |may-modify| UserInitScript["User Init Script"]; class T1562003 OffensiveTechniqueNode; class UserInitScript ArtifactNode; click T1562003 href "/offensive-technique/attack/T1562.003/"; click UserInitScript href "/dao/artifact/d3f:UserInitScript";T1037001["Logon Script (Windows)"] --> |modifies| UserInitScript["User Init Script"]; class T1037001 OffensiveTechniqueNode; class UserInitScript ArtifactNode; click T1037001 href "/offensive-technique/attack/T1037.001/"; click UserInitScript href "/dao/artifact/d3f:UserInitScript";T1037002["Login Hook"] --> |modifies| UserInitScript["User Init Script"]; class T1037002 OffensiveTechniqueNode; class UserInitScript ArtifactNode; click T1037002 href "/offensive-technique/attack/T1037.002/"; click UserInitScript href "/dao/artifact/d3f:UserInitScript";T1547001["Registry Run Keys / Startup Folder"] --> |may-modify| UserStartupScriptFile["User Startup Script File"]; class T1547001 OffensiveTechniqueNode; class UserStartupScriptFile ArtifactNode; click T1547001 href "/offensive-technique/attack/T1547.001/"; click UserStartupScriptFile href "/dao/artifact/d3f:UserStartupScriptFile";T1547009["Shortcut Modification"] --> |may-modify| UserStartupScriptFile["User Startup Script File"]; class T1547009 OffensiveTechniqueNode; class UserStartupScriptFile ArtifactNode; click T1547009 href "/offensive-technique/attack/T1547.009/"; click UserStartupScriptFile href "/dao/artifact/d3f:UserStartupScriptFile";T1505003["Web Shell"] --> |adds| WebScriptFile["Web Script File"]; class T1505003 OffensiveTechniqueNode; class WebScriptFile ArtifactNode; click T1505003 href "/offensive-technique/attack/T1505.003/"; click WebScriptFile href "/dao/artifact/d3f:WebScriptFile";T1187["Forced Authentication"] --> |may-modify| WindowsShortcutFile["Windows Shortcut File"]; class T1187 OffensiveTechniqueNode; class WindowsShortcutFile ArtifactNode; click T1187 href "/offensive-technique/attack/T1187/"; click WindowsShortcutFile href "/dao/artifact/d3f:WindowsShortcutFile";