Skip to content

Hide Navigation Hide TOC

Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1)

Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.

Cluster A Galaxy A Cluster B Galaxy B Level
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Overwrite Process Arguments - T1036.011 (514dc7b3-0b80-4382-80a9-2e2d294f5019) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c) Attack Pattern 1
Process Metadata (ee575f4a-2d4f-48f6-b18b-89067760adc1) mitre-data-component Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 1
Overwrite Process Arguments - T1036.011 (514dc7b3-0b80-4382-80a9-2e2d294f5019) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) Attack Pattern 2
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern ClickOnce - T1127.002 (cc279e50-df85-4c8e-be80-6dc2eda8849c) Attack Pattern 2