D3FEND™ - A knowledge graph of cybersecurity countermeasures

IRI:
http://d3fend.mitre.org/ontologies/d3fend.owl
Version IRI:
http://d3fend.mitre.org/ontologies/d3fend/0.10.0-BETA-2/d3fend.owl
Other visualisation :
Ontology source - WebVowl

Abstract

Use of the D3FEND Knowledge Graph, and the associated references from this ontology are subject to the Terms of Use. D3FEND is funded by the National Security Agency (NSA) Cybersecurity Directorate and managed by the National Security Engineering Center (NSEC) which is operated by The MITRE Corporation. D3FEND™ and the D3FEND logo are trademarks of The MITRE Corporation. This software was produced for the U.S. Government under Basic Contract No. W56KGU-18-D0004, and is subject to the Rights in Noncommercial Computer Sotware and Noncommercial Computer Software Documentation Clause 252.227-7014 (FEB 2012) Copyright 2021 The MITRE Corporation.

Table of Content

  1. Classes
  2. Object Properties
  3. Data Properties
  4. Named Individuals
  5. Annotation Properties
  6. Namespace Declarations

Classes

.bash_profile and .bashrcc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.004

has super-classes
Event Triggered Executionc
modifiesop some User Init Configuration Filec
is also defined as
named individual

/etc/passwd and /etc/shadowc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.008

has super-classes
OS Credential Dumpingc
accessesop some Encrypted Credentialc
accessesop some Password Filec
is also defined as
named individual

Abuse Elevation Control Mechanismc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548

has super-classes
Defense Evasion Techniquec
Privilege Escalation Techniquec
has sub-classes
Bypass User Access Controlc, Elevated Execution with Promptc, Setuid and Setgidc, Sudo and Sudo Cachingc

Academic Articlec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AcademicArticle

has super-classes
Articlec
has sub-classes
Conference Paperc, Journal Articlec

Academic Paper Referencec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AcademicPaperReference

has super-classes
Technique Referencec
has members
Reference - Analysis of the Windows Vista Security Model - Symantec Corporationni, Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UKni, Reference - DETECTING DDoS ATTACK USING Snort -ni, Reference - Dead code eliminationni, Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution -ni, Reference - Firmware Behavior Analysis ConFirmni, Reference - Firmware Behavior Analysis VIPERni, Reference - Firmware Embedded Monitoring Code Symbiotesni, Reference - Indirect Branching Callsni, Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centreni, Reference - Network-level polymorphic shellcode detection using emulationni, Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networks -ni

Access Control Configurationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessControlConfiguration

has super-classes
Digital Artifactc
has sub-classes
Access Control Listc, Group Policyc
is also defined as
named individual

Access Control Listc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessControlList

is defined by
http://dbpedia.org/resource/Access-control_list
A list of permissions attached to an object.
has super-classes
Access Control Configurationc

Access Tokenc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessToken

has super-classes
Credentialc
has sub-classes
Kerberos TIcketc, Ticket Granting Ticketc
is also defined as
named individual

Access Token Manipulationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134

has super-classes
Defense Evasion Techniquec
Privilege Escalation Techniquec
has sub-classes
Create Process with Tokenc, Make and Impersonate Tokenc, Parent PID Spoofingc, SID-History Injectionc, Token Impersonation/Theftc

Accessibility Featuresc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.008

has super-classes
Event Triggered Executionc
may-createop some Intranet Administrative Network Trafficc
may-modifyop some Executable Binaryc
may-modifyop some System Configuration Database Recordc
is also defined as
named individual

Account Access Removalc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1531

has super-classes
Impact Techniquec
modifiesop some User Accountc
is also defined as
named individual

Account Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087

has super-classes
Discovery Techniquec

Account Lockingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccountLocking

has super-classes
Credential Evictionc
disablesop some User Accountc
is also defined as
named individual

Account Manipulationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098

has super-classes
Persistence Techniquec
modifiesop some User Accountc
has sub-classes
Add Office 365 Global Administrator Rolec, Additional Azure Service Principal Credentialsc, Exchange Email Delegate Permissionsc, SSH Authorized Keysc
is also defined as
named individual

Active Certificate Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveCertificateAnalysis

has super-classes
Certificate Analysisc
has members
Active Certificate Analysisni
is also defined as
named individual

Add Office 365 Global Administrator Rolec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.003

has super-classes
Account Manipulationc
modifiesop some Global User Accountc
is also defined as
named individual

Add-insc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.006

has super-classes
Office Application Startupc
addsop some Softwarec
may-modifyop some System Configuration Databasec
modifiesop some Office Applicationc
is also defined as
named individual

Additional Azure Service Principal Credentialsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.001

has super-classes
Account Manipulationc
createsop some Credentialc
producesop some Intranet Administrative Network Trafficc
is also defined as
named individual

Admin Feature Assessmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdminFeatureAssessment

has super-classes
Feature Assessmentc
assessesop some Admin Feature Claimc

Admin Feature Claimc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdminFeatureClaim

has super-classes
Provider Claimc
citesop some Information Content Entityc
claimsop some Administrative Featurec
featuresop only Administrative Featurec

Administrative Featurec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeFeature

has super-classes
Capability Featurec

Administrative Network Activity Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkActivityAnalysis

has super-classes
Network Traffic Analysisc
analyzesop some Intranet Administrative Network Trafficc
is also defined as
named individual

Administrative Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic

has super-classes
Network Trafficc
has sub-classes
Intranet Administrative Network Trafficc
is also defined as
named individual

Agentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Agent

has super-classes
D3FEND Catalog Thingc
employerop some Personc
has sub-classes
Organizationc, Personc

Aliasc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Alias

is defined by
http://dbpedia.org/resource/Alias_(Mac_OS)
In macOS, an alias is a small file that represents another object in a local, remote, or removable[1] file system and provides a dynamic link to it; the target object may be moved or renamed, and the alias will still link to it (unless the original file is recreated; such an alias is ambiguous and how it is resolved depends on the version of macOS).
has super-classes
Slow Symbolic Linkc

Analysis of Alternativesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AnalysisOfAlternatives

has super-classes
D3FEND Catalog Thingc
analyzesop some Portfolio Assessmentc
authorop some Agentc

Analytic Latencyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AnalyticLatency

has super-classes
Latencyc
has members
non-real-time-analyticni, real-time-analyticni

AppCert DLLsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.009

has super-classes
Event Triggered Executionc
invokesop some Create Processc
loadsop some Shared Library Filec
modifiesop some System Configuration Database Recordc
is also defined as
named individual

AppInit DLLsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.010

has super-classes
Event Triggered Executionc
invokesop some Create Processc
loadsop some Shared Library Filec
modifiesop some System Configuration Database Recordc
is also defined as
named individual

AppleScript Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.002

has super-classes
Command and Scripting Interpreter Executionc

Appliancec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Appliance

has super-classes
Productc

Applicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Application

has super-classes
Softwarec
may-containop some Application Configurationc
usesop some Resourcec
has sub-classes
Client Applicationc, Password Managerc, Service Applicationc, User Applicationc
is also defined as
named individual

Application Access Tokenc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.001

has super-classes
Use Alternate Authentication Materialc
may-produceop some Network Trafficc
usesop some Access Tokenc
is also defined as
named individual

Application Configurationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfiguration

has super-classes
Configuration Bearing Entityc
has sub-classes
Application Configuration Database Recordc, Application Process Configurationc, Application Rulec, Process Environment Variablec
is also defined as
named individual

Application Configuration Databasec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationDatabase

has super-classes
Databasec
containsop some Application Configuration Database Recordc
has sub-classes
Shim Databasec
is also defined as
named individual

Application Configuration Database Recordc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationDatabaseRecord

has super-classes
Application Configurationc
Recordc
is also defined as
named individual

Application Configuration Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationFile

has super-classes
Configuration Filec
containsop some Application Configurationc
has sub-classes
Compiler Configuration Filec
is also defined as
named individual

Application Configuration Hardeningc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationHardening

has super-classes
Application Hardeningc
hardensop some Application Configurationc
is also defined as
named individual

Application Hardeningc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationHardening

has super-classes
Defensive Techniquec
enablesop some Hardenc
has sub-classes
Application Configuration Hardeningc, Dead Code Eliminationc, Exception Handler Pointer Validationc, Pointer Authenticationc, Process Segment Execution Preventionc, Segment Address Offset Randomizationc, Stack Frame Canary Validationc
has members
Application Configuration Hardeningni, Dead Code Eliminationni, Exception Handler Pointer Validationni, Pointer Authenticationni, Process Segment Execution Preventionni, Segment Address Offset Randomizationni, Stack Frame Canary Validationni
is also defined as
named individual

Application Inventory Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationInventorySensor

has super-classes
Endpoint Sensorc
monitorsop some Applicationc

Application Layer Firewallc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationLayerFirewall

is defined by
http://dbpedia.org/resource/Application_firewall
An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls that do not meet the configured policy of the firewall. The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. It is able to control applications or services specifically, unlike a stateful network firewall, which is - without additional software - unable to control network traffic regarding a specific application. There are two primary categories of application firewalls, network-based application firewalls and host-based application firewalls.
has super-classes
Firewallc
has sub-classes
Web Application Firewallc

Application Layer Protocolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071

has super-classes
Command and Control Techniquec
may-transferop some Certificate Filec
producesop some Outbound Internet Network Trafficc
has sub-classes
DNSc, File Transfer Protocolsc, Mail Protocolsc, Web Protocolsc
is also defined as
named individual

Application Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProcess

has super-classes
User Processc
runsop some Applicationc
has sub-classes
Container Processc, Script Application Processc
is also defined as
named individual

Application Process Configurationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProcessConfiguration

The current configuration of an application process, stored in memory. It may have been sourced from other types of application configurations, e.g. Application Configuration Files or Application Configuration Database Records.
has super-classes
Application Configurationc

Application Rulec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationRule

A configuration of an application which is used to apply logical or data processing functions to data processed by the application.
has super-classes
Application Configurationc
has sub-classes
Email Rulec

Application Shimc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationShim

An application shim adapts an application program to run on a version of a platform for which they were not originally created. Most commonly "Application Shimming" refers to use of The Windows Application Compatibility Toolkit (ACT) provides backward compatibility by simulating the behavior of older version of Windows.
has super-classes
Shimc

Application Shimmingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.011

has super-classes
Event Triggered Executionc
createsop some Shimc
modifiesop some Shim Databasec
is also defined as
named individual

Application Window Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1010

has super-classes
Discovery Techniquec

Archive Collected Datac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560

has super-classes
Collection Techniquec
createsop some Archive Filec
has sub-classes
Archive via Custom Methodc, Archive via Libraryc, Archive via Utilityc
is also defined as
named individual

Archive Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ArchiveFile

has super-classes
Filec
has sub-classes
Custom Archive Filec
is also defined as
named individual

Archive via Custom Methodc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.003

has super-classes
Archive Collected Datac
createsop some Custom Archive Filec
is also defined as
named individual

Archive via Libraryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.002

has super-classes
Archive Collected Datac
createsop some Archive Filec
is also defined as
named individual

Archive via Utilityc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.001

has super-classes
Archive Collected Datac
createsop some Archive Filec
is also defined as
named individual

Articlec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Article

has super-classes
Documentc
has sub-classes
Academic Articlec, News Articlec

Artifactc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Artifact

A man-made object taken as a whole.
has super-classes
D3FEND Thingc
has sub-classes
Digital Artifactc, Physical Artifactc
is in range of
d3fend-tactical-verb-propertyop

Artifact Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ArtifactServer

A digital artifact server provides access services to digital artifacts in a repository. It provides an associated set of data management, search and access methods allowing application-independent access to the content.
has super-classes
Web Serverc
has sub-classes
Data Artifact Serverc, Software Artifact Serverc

Assessmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Assessment

is defined by
http://wordnet-rdf.princeton.edu/id/05741528-n
The classification of someone or something with respect to its worth.
has super-classes
D3FEND Catalog Thingc
authorop some Agentc
has sub-classes
Capability Assessmentc, Feature Assessmentc, Portfolio Assessmentc

Asymmetric Cryptographyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.002

has super-classes
Encrypted Channelc
createsop some Outbound Internet Encrypted Trafficc
may-transferop some Certificate Filec
is also defined as
named individual

Asymmetric Keyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AsymmetricKey

Asymmetric keys are public and private keys, paired such that asymmetric (public-key) cryptography algorithms can be implemented using them. Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys that may be disseminated widely paired with private keys which are known only to the owner. There are two functions that can be achieved: using a public key to authenticate that a message originated with a holder of the paired private key; or encrypting a message with a public key to ensure that only the holder of the paired private key can decrypt it.
has super-classes
Cryptographic Keyc
has sub-classes
Private Keyc, Public Keyc

Asynchronous Procedure Callc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.004

has super-classes
Process Injectionc
may-invokeop some Create Processc
is also defined as
named individual

At (Linux) Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.001

has super-classes
Scheduled Task/Job Executionc

At (Windows) Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.002

has super-classes
Scheduled Task/Job Executionc

ATTACK Mitigationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ATTACKMitigation

has super-classes
ATTACK Thingc
d3fend-commentdp some string
has members
Account Use Policiesni, Active Directory Configurationni, Antivirus/Antimalwareni, Application Developer Guidanceni, Application Isolation and Sandboxingni, Auditni, Behavior Prevention on Endpointni, Boot Integrityni, Code Signingni, Credential Access Protectionni, Data Backupni, Disable or Remove Feature or Programni, Do Not Mitigateni, Encrypt Sensitive Informationni, Environment Variable Permissionsni, Execution Preventionni, Exploit Protectionni, Filter Network Trafficni, Limit Access to Resource Over Networkni, Limit Hardware Installationni, Limit Software Installationni, Multi-factor Authenticationni, Network Intrusion Preventionni, Network Segmentationni, Operating System Configurationni, Password Policiesni, Pre-compromiseni, Privileged Account Managementni, Privileged Process Integrityni, Remote Data Storageni, Restrict File and Directory Permissionsni, Restrict Library Loadingni, Restrict Registry Permissionni, Restrict Web-Based Contentni, SSL/TLS Inspectionni, Software Configurationni, Threat Intelligence Programni, Update Softwareni, User Account Controlni, User Account Managementni, User Trainingni, Vulnerability Scanningni

ATTACK Thingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ATTACKThing

ATTACK things are concepts defined in the ATT&CK Framework.
has sub-classes
ATTACK Mitigationc, Offensive Tacticc, Offensive Techniquec

Audio Capturec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1123

has super-classes
Collection Techniquec
accessesop some Audio Input Devicec
is also defined as
named individual

Audio Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AudioInputDevice

has super-classes
Input Devicec
is also defined as
named individual

Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authentication

has super-classes
User Actionc
authenticatesop some Userc
may-createop some Intranet Network Trafficc
originates-fromop some Physical Locationc
has sub-classes
Web Authenticationc
is also defined as
named individual

Authentication Cache Invalidationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationCacheInvalidation

has super-classes
Credential Evictionc
deletesop some Credentialc
is also defined as
named individual

Authentication Event Thresholdingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationEventThresholding

has super-classes
User Behavior Analysisc
analyzesop some Authenticationc
is also defined as
named individual

Authentication Logc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationLog

has super-classes
Logc
recordsop some Authenticationc
is also defined as
named individual

Authentication Packagec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.002

has super-classes
Boot or Logon Autostart Executionc
modifiesop some System Configuration Database Recordc
is also defined as
named individual

Authentication Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationServer

is defined by
http://dbpedia.org/resource/Authentication_server
An authentication server provides a network service that applications use to authenticate the credentials, usually account names and passwords, of their users. When a client submits a valid set of credentials, it receives a cryptographic ticket that it can subsequently use to access various services. Major authentication algorithms include passwords, Kerberos, and public key encryption.
has super-classes
Serverc

Authentication Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationService

has super-classes
Service Applicationc
has sub-classes
Local Authentication Servicec, Remote Authentication Servicec
is also defined as
named individual

Authorizationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authorization

has super-classes
User Actionc
authorizesop some Network Resource Accessc
has sub-classes
Cloud Service Authorizationc
is also defined as
named individual

Authorization Event Thresholdingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationEventThresholding

has super-classes
User Behavior Analysisc
analyzesop some Authorizationc
is also defined as
named individual

Authorization Logc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationLog

has super-classes
Logc
recordsop some Network Resource Accessc
is also defined as
named individual

Authorization Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationService

is defined by
https://www.sciencedirect.com/referencework/9780122272400/encyclopedia-of-information-systems
An authorization service ensures that the user is authorized to have access to a particular resource. Authorization can be done through role-based access control (RBAC) or list-based access control (LBAC).
has super-classes
Service Applicationc
has sub-classes
Local Authorization Servicec, Remote Authorization Servicec

Automated Collectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1119

has super-classes
Collection Techniquec
accessesop some Filec
is also defined as
named individual

Automated Exfiltrationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1020

has super-classes
Exfiltration Techniquec
producesop some Internet Network Trafficc
is also defined as
named individual

Barcode Scanner Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BarcodeScannerInputDevice

is defined by
http://dbpedia.org/resource/Barcode_reader
A barcode reader (or barcode scanner) is an optical scanner that can read printed barcodes, decode the data contained in the barcode and send the data to a computer. Like a flatbed scanner, it consists of a light source, a lens and a light sensor translating for optical impulses into electrical signals. Additionally, nearly all barcode readers contain decoder circuitry that can analyze the barcode's image data provided by the sensor and sending the barcode's content to the scanner's output port.
has super-classes
Image Scanner Input Devicec

Bash Historyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.003

has super-classes
Unsecured Credentialsc
accessesop some Command History Log Filec
is also defined as
named individual

Bidirectional Communicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.002

has super-classes
Web Servicec

Binary Large Objectc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BinaryLargeObject

is defined by
http://dbpedia.org/resource/Binary_large_object
A binary large object (BLOB) is a collection of binary data stored as a single entity. Blobs are typically images, audio or other multimedia objects, though sometimes binary executable code is stored as a blob.
has super-classes
Digital Artifactc
has sub-classes
JavaScript Blobc

Binary Paddingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.001

has super-classes
Obfuscated Files or Informationc
modifiesop some Executable Binaryc
is also defined as
named individual

Binary Segmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BinarySegment

A binary segment is a partition of binary information within a larger binary object, which arranges a set of binary objects for its purpose. For example, code, data, heap, and stack segments are segments of the binary information used by a process. Code and data segments are also found in object files.
has super-classes
Digital Artifactc
has sub-classes
Image Segmentc, Process Segmentc

Biometric Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BiometricAuthentication

has super-classes
Credential Hardeningc
is also defined as
named individual

BITS Jobsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1197

has super-classes
Defense Evasion Techniquec
Persistence Techniquec
may-produceop some Intranet IPC Network Trafficc
may-produceop some Intranet Web Network Trafficc
may-produceop some Outbound Internet Web Trafficc
is also defined as
named individual

Blobc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Blob

is defined by
http://dbpedia.org/resource/Binary_large_object
A binary large object (BLOB) is a collection of binary data stored as a single entity. Blobs are typically images, audio or other multimedia objects, though sometimes binary executable code is stored as a blob. They can exist as persistent values inside some databases, or exist at runtime as program variables in some languages. The term is used in NoSQL databases, especially in key-value store databases such as Redis. The term is also used by languages that allow runtime manipulation of Blobs, like JavaScript. (en)
has super-classes
Digital Artifactc

Block Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BlockDevice

has super-classes
Digital Artifactc
containsop some Boot Sectorc
containsop some Partitionc
containsop some Partition Tablec
may-containop some Volumec
is also defined as
named individual

Book Referencec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BookReference

has super-classes
Technique Referencec

Boot Loaderc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootLoader

has super-classes
Digital Artifactc
has sub-classes
First-stage Boot Loaderc, Second-stage Boot Loaderc
is also defined as
named individual

Boot or Logon Autostart Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547

has super-classes
Persistence Techniquec
Privilege Escalation Techniquec
has sub-classes
Authentication Packagec, Kernel Modules and Extensionsc, LSASS Driverc, Login Itemsc, Plist Modificationc, Port Monitorsc, Re-opened Applicationsc, Registry Run Keys / Startup Folderc, Security Support Providerc, Shortcut Modificationc, Time Providersc, Winlogon Helper DLLc

Boot or Logon Initialization Scriptsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037

has super-classes
Persistence Techniquec
Privilege Escalation Techniquec
has sub-classes
Logon Script (Mac)c, Logon Script (Windows)c, Network Logon Scriptc, Rc.commonc, Startup Itemsc

Boot Recordc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootRecord

A d3f:Record which is an essential component of the early boot (system initialization) process.
has super-classes
Recordc
has sub-classes
Boot Sectorc, Volume Boot Recordc

Boot Sectorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootSector

has super-classes
Boot Recordc
is also defined as
named individual

Bootkitc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.003

has super-classes
Pre-OS Bootc
may-modifyop some Boot Loaderc
may-modifyop some Boot Sectorc
may-modifyop some Volume Boot Recordc
is also defined as
named individual

Bootloader Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootloaderAuthentication

has super-classes
Platform Hardeningc
authenticatesop some Boot Loaderc
is also defined as
named individual

Broadcast Domain Isolationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BroadcastDomainIsolation

has super-classes
Network Isolationc
filtersop some Local Area Network Trafficc
is also defined as
named individual

Browserc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Browser

has super-classes
User Applicationc
may-containop some Browser Extensionc
is also defined as
named individual

Browser Bookmark Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1217

has super-classes
Discovery Techniquec

Browser Extensionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BrowserExtension

has super-classes
User Applicationc
extendsop some Browserc
is also defined as
named individual

Browser Extensionsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1176

has super-classes
Persistence Techniquec
modifiesop some Browser Extensionc
is also defined as
named individual

Brute Forcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110

has super-classes
Credential Access Techniquec
has sub-classes
Credential Stuffingc, Password Crackingc, Password Guessingc, Password Sprayingc

Build Toolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BuildTool

A tool that automates the process of creating a software build and the associated processes including: compiling computer source code into binary code, packaging binary code, and running automated tests.
has super-classes
Developer Applicationc
has sub-classes
Compilerc, Software Packaging Toolc

Business Communication Platform Clientc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BusinessCommunicationPlatformClient

is defined by
http://dbpedia.org/resource/Business_communication
Client software to enable the process of sharing information between employees within and outside a company. Business communication encompasses topics such as marketing, brand management, customer relations, consumer behavior, advertising, public relations, corporate communication, community engagement, reputation management, interpersonal communication, employee engagement, and event management. It is closely related to the fields of professional communication and technical communication.
has super-classes
Collaborative Softwarec

Bypass User Access Controlc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.002

has super-classes
Abuse Elevation Control Mechanismc
executesop some Executable Filec
invokesop some Create Processc
may-modifyop some System Configuration Database Recordc
is also defined as
named individual

Byte Sequence Emulationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ByteSequenceEmulation

has super-classes
Network Traffic Analysisc
is also defined as
named individual

CA Certificate Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CACertificateFile

A file containing a digital certificate issued by a certificate authority (CA). Certificate authorities store, issue, and sign digital certificates used as part of the public key infrastructure.
has super-classes
Certificate Filec

Cached Domain Credentialsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.005

has super-classes
OS Credential Dumpingc
accessesop some Encrypted Credentialc
may-modifyop some Logc
is also defined as
named individual

Call Stackc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CallStack

has super-classes
Digital Artifactc
containsop some Stack Framec
is also defined as
named individual

Capabilityc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Capability

is defined by
http://dbpedia.org/resource/Capability_(systems_engineering)
has super-classes
D3FEND Thingc
assessed-byop some Capability Assessmentc
has-featureop some Capability Featurec

Capability Assessmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityAssessment

has super-classes
Assessmentc
assessesop some Capabilityc
has-evidenceop some Admin Feature Assessmentc
has-evidenceop some Defensive Technique Assessmentc
has-implementationop some Capability Implementationc

Capability Featurec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityFeature

A distinguishing characteristic of a capability (e.g., performance, portability, or functionality).
has super-classes
D3FEND Catalog Thingc
has sub-classes
Administrative Featurec, Defensive Techniquec
is in range of
featuresop

Capability Implementationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CapabilityImplementation

has super-classes
D3FEND Catalog Thingc
featuresop some Administrative Featurec
latencyop some D3FEND Catalog Thingc
operating-systemdp some string
versiondp some string
has sub-classes
Productc, Servicec
is in domain of
implementsop, operating-systemdp, versiondp
is in range of
implemented-byop

Certificatec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate

has super-classes
Digital Artifactc
containsop some Identifierc
containsop some Public Keyc
is also defined as
named individual

Certificate Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateAnalysis

has super-classes
Network Traffic Analysisc
analyzesop some Certificate Filec
has sub-classes
Active Certificate Analysisc, Passive Certificate Analysisc
has members
Active Certificate Analysisni, Certificate Analysisni, Passive Certificate Analysisni
is also defined as
named individual

Certificate Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateFile

has super-classes
Filec
containsop some Certificatec
has sub-classes
CA Certificate Filec
is also defined as
named individual

Certificate Pinningc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificatePinning

has super-classes
Credential Hardeningc
authenticatesop some Public Keyc
is also defined as
named individual

Certificate Trust Storec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateTrustStore

has super-classes
Trust Storec
containsop some Certificatec
is also defined as
named individual

Certificate-based Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate-basedAuthentication

has super-classes
Credential Hardeningc
is also defined as
named individual

Change Default File Associationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.001

has super-classes
Event Triggered Executionc
modifiesop some System Configuration Database Recordc
is also defined as
named individual

Chatroom Clientc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ChatroomClient

is defined by
http://dbpedia.org/resource/Chat_room
Client software used to describe conduct any form of synchronous conferencing, occasionally even asynchronous conferencing. The term can thus mean any technology ranging from real-time online chat and online interaction with strangers (e.g., online forums) to fully immersive graphical social environments.
has super-classes
Collaborative Softwarec

Child Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ChildProcess

is defined by
http://dbpedia.org/resource/Child_process
A child process in computing is a process created by another process (the parent process). This technique pertains to multitasking operating systems, and is sometimes called a subprocess or traditionally a subtask. There are two major procedures for creating a child process: the fork system call (preferred in Unix-like systems and the POSIX standard) and the spawn (preferred in the modern (NT) kernel of Microsoft Windows, as well as in some historical operating systems).
has super-classes
Processc

Clear Command Historyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.003

has super-classes
Indicator Removal on Hostc
modifiesop some Command History Logc
is also defined as
named individual

Clear Linux or Mac System Logsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.002

has super-classes
Indicator Removal on Hostc
modifiesop some Operating System Log Filec
is also defined as
named individual

Clear Windows Event Logsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.001

has super-classes
Indicator Removal on Hostc
modifiesop some Event Logc
is also defined as
named individual

Client Applicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ClientApplication

has super-classes
Applicationc
is also defined as
named individual

Client Computerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ClientComputer

is defined by
http://dbpedia.org/resource/Client_(computing)
A client computer is a host that accesses a service made available by a server. The server is often (but not always) on another computer system, in which case the client accesses the service by way of a network.
has super-classes
Hostc
has sub-classes
Embedded Computerc, Personal Computerc, Shared Computerc

Client-server Payload Profilingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Client-serverPayloadProfiling

has super-classes
Network Traffic Analysisc
analyzesop some Network Trafficc
is also defined as
named individual

Clipboardc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Clipboard

has super-classes
Digital Artifactc
is also defined as
named individual

Clipboard Datac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1115

has super-classes
Collection Techniquec
readsop some Clipboardc
is also defined as
named individual

Cloud Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.004

has super-classes
Create Accountc
createsop some Cloud User Accountc
is also defined as
named individual

Cloud Accountsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.004

has super-classes
Valid Accountsc
usesop some Cloud User Accountc
is also defined as
named individual

Cloud Configurationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudConfiguration

has super-classes
Configuration Bearing Entityc
has sub-classes
Cloud Instance Metadatac
is also defined as
named individual

Cloud Instance Metadatac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudInstanceMetadata

has super-classes
Cloud Configurationc
is also defined as
named individual

Cloud Instance Metadata APIc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.005

has super-classes
Unsecured Credentialsc
accessesop some Cloud Instance Metadatac
is also defined as
named individual

Cloud Service Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceAuthentication

A request-response comprising a user credential presentation to a system and a verification response where the verifying party is a cloud service.
has super-classes
Web Authenticationc

Cloud Service Authorizationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceAuthorization

Cloud authorization is the function of specifying access rights to cloud resources.
has super-classes
Authorizationc

Cloud Service Dashboardc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1538

has super-classes
Discovery Techniquec
accessesop some Cloud Configurationc
is also defined as
named individual

Cloud Service Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1526

has super-classes
Discovery Techniquec
readsop some Cloud Configurationc
is also defined as
named individual

Cloud Service Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceSensor

has super-classes
Sensorc
monitorsop some Cloud Service Authenticationc
monitorsop some Cloud Service Authorizationc

Cloud Storagec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudStorage

has super-classes
Storagec
is also defined as
named individual

Cloud Storage Object Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1619

has super-classes
Discovery Techniquec
accessesop some Cloud Storagec
is also defined as
named individual

Cloud User Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudUserAccount

has super-classes
User Accountc
is also defined as
named individual

CMSTPc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.003

has super-classes
Signed Binary Proxy Executionc
invokesop some Create Processc
may-produceop some Network Trafficc
is also defined as
named individual

Code Analyzerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CodeAnalyzer

Code analyzers automatically analyze the composition or behavior of computer programs regarding a property such as correctness, robustness, security, and safety. Program analysis can be performed without executing the program (static program analysis), during runtime (dynamic program analysis) or in a combination of both.
has super-classes
Developer Applicationc
has sub-classes
Dynamic Analysis Toolc, Static Analysis Toolc

Code Repositoriesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.003

has super-classes
Data from Information Repositoriesc
readsop some Code Repositoryc
is also defined as
named individual

Code Repositoryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CodeRepository

has super-classes
Databasec
containsop some Source Codec
is also defined as
named individual

Code Signingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.002

has super-classes
Subvert Trust Controlsc
enablesop some Defense Evasionc
is also defined as
named individual

Collaborative Softwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollaborativeSoftware

is defined by
http://dbpedia.org/resource/Collaborative_software
Collaborative software or groupware is application software designed to help people working on a common task to attain their goals. One of the earliest definitions of groupware is "intentional group processes plus software to support them". Collaborative software is a broad concept that overlaps considerably with computer-supported cooperative work (CSCW). According to Carstensen and Schmidt (1999) groupware is part of CSCW. The authors claim that CSCW, and thereby groupware, addresses "how collaborative activities and their coordination can be supported by means of computer systems."
has super-classes
User Applicationc
has sub-classes
Business Communication Platform Clientc, Chatroom Clientc, Instant Messaging Clientc

Collectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Collection

has super-classes
Offensive Tacticc
display-orderdp value 2
is also defined as
named individual

Collection Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollectionTechnique

has super-classes
Offensive Techniquec
enablesop some Collectionc
has sub-classes
Archive Collected Datac, Audio Capturec, Automated Collectionc, Clipboard Datac, Data Stagedc, Data from Cloud Storage Objectc, Data from Information Repositoriesc, Data from Local Systemc, Data from Network Shared Drivec, Data from Removable Mediac, Email Collectionc, Input Capturec, Man in the Browserc, Man-in-the-Middlec, Screen Capturec, Video Capturec
is also defined as
named individual

Commandc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Command

has super-classes
Digital Artifactc
Digital Eventc
has sub-classes
Database Queryc, Remote Commandc
is also defined as
named individual

Command And Controlc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControl

has super-classes
Offensive Tacticc
is also defined as
named individual

Command and Control Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControlTechnique

has super-classes
Offensive Techniquec
enablesop some Command And Controlc
has sub-classes
Application Layer Protocolc, Communication Through Removable Mediac, Data Encodingc, Data Obfuscationc, Dynamic Resolutionc, Encrypted Channelc, Fallback Channelsc, Ingress Tool Transferc, Multi-Stage Channelsc, Non-Application Layer Protocolc, Non-Standard Portc, Protocol Tunnelingc, Proxyc, Remote Access Softwarec, Traffic Signalingc, Web Servicec
is also defined as
named individual

Command and Scripting Interpreter Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059

has super-classes
Execution Techniquec
executesop some Executable Scriptc
has sub-classes
AppleScript Executionc, JavaScript/JScriptc, Network Device CLIc, PowerShell Executionc, Python Executionc, Unix Shell Executionc, VBScript Executionc, Windows Command Shell Executionc
is also defined as
named individual

Command History Logc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandHistoryLog

has super-classes
Event Logc
is also defined as
named individual

Command History Log Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandHistoryLogFile

has super-classes
Log Filec
containsop some Command History Logc
is also defined as
named individual

Command Line Interfacec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandLineInterface

is defined by
http://dbpedia.org/resource/Command-line_interface
A command-line interface or command language interpreter (CLI), also known as command-line user interface, console user interface, and character user interface (CUI), is a means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). Command-line interfaces to computer operating systems are less widely used by casual computer users, who favor graphical user interfaces. Programs with command-line interfaces are generally easier to automate via scripting.
has super-classes
User Interfacec

Communication Through Removable Mediac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1092

has super-classes
Command and Control Techniquec
modifiesop some Removable Media Devicec
is also defined as
named individual

Compile After Deliveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.004

has super-classes
Obfuscated Files or Informationc
createsop some Executable Filec
is also defined as
named individual

Compiled HTML Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.001

has super-classes
Signed Binary Proxy Executionc
invokesop some Create Filec
invokesop some Create Processc
is also defined as
named individual

Compilerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Compiler

has super-classes
Build Toolc
readsop some Compiler Configuration Filec
is also defined as
named individual

Compiler Configuration Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CompilerConfigurationFile

has super-classes
Application Configuration Filec
is also defined as
named individual

Component Firmwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.002

has super-classes
Pre-OS Bootc
modifiesop some Firmwarec
is also defined as
named individual

Component Object Model Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.001

has super-classes
Inter-Process Communication Executionc

Component Object Model Hijackingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.015

has super-classes
Event Triggered Executionc
loadsop some Executable Binaryc
modifiesop some System Configuration Databasec
is also defined as
named individual

Compromise Client Software Binaryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1554

has super-classes
Persistence Techniquec
modifiesop some Client Applicationc
is also defined as
named individual

Compromise Hardware Supply Chainc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.003

has super-classes
Supply Chain Compromisec
modifiesop some Hardware Devicec
is also defined as
named individual

Compromise Software Dependencies and Development Toolsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.001

has super-classes
Supply Chain Compromisec
modifiesop some Softwarec
is also defined as
named individual

Compromise Software Supply Chainc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.002

has super-classes
Supply Chain Compromisec
modifiesop some Softwarec
is also defined as
named individual

Computing Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ComputingServer

is defined by
https://www.encyclopedia.com/computing/dictionaries-thesauruses-pictures-and-press-releases/compute-server
A compute server is a system specifically designed to undertake large amounts of computation, usually but not necessarily in a client/server environment.
has super-classes
Serverc

Conference Paperc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConferencePaper

has super-classes
Academic Articlec

Configuration Bearing Entityc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationBearingEntity

has super-classes
Resourcec
has sub-classes
Application Configurationc, Cloud Configurationc, Operating System Configurationc
is also defined as
named individual

Configuration Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationFile

is defined by
http://dbpedia.org/resource/Configuration_file
A file containing Information used to configure the parameters and initial settings for some computer programs. They are used for user applications, server processes and operating system settings.
has super-classes
Filec
has sub-classes
Application Configuration Filec, Operating System Configuration Filec, Property List Filec, User Init Configuration Filec

Confluencec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.001

has super-classes
Data from Information Repositoriesc
accessesop some Web File Resourcec
is also defined as
named individual

Connect Socketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectSocket

The connect socket system call connects the socket to a target address.
has super-classes
System Callc

Connected Honeynetc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectedHoneynet

has super-classes
Decoy Environmentc
spoofsop some Local Area Networkc
is also defined as
named individual

Connection Attempt Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectionAttemptAnalysis

has super-classes
Network Traffic Analysisc
analyzesop some Intranet Network Trafficc
is also defined as
named individual

Container Build Toolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerBuildTool

A software build tool that creates a container (e.g., Docker container) for deployment.
has super-classes
Software Packaging Toolc

Container Imagec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerImage

has super-classes
Filec
is also defined as
named individual

Container Orchestration Softwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerOrchestrationSoftware

has super-classes
Service Applicationc
is also defined as
named individual

Container Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerProcess

A running instance of a d3f:ContainerImage
has super-classes
Application Processc

Container Runtimec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerRuntime

has super-classes
Service Applicationc
runsop some Container Imagec
is also defined as
named individual

Control Panel Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.002

has super-classes
Signed Binary Proxy Executionc
invokesop some Create Processc
may-modifyop some System Configuration Database Recordc
is also defined as
named individual

COR_PROFILERc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.012

has super-classes
Hijack Execution Flowc
addsop some Shared Library Filec
modifiesop some System Configuration Database Recordc
is also defined as
named individual

Create Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136

has super-classes
Persistence Techniquec
Privilege Escalation Techniquec
createsop some User Accountc
has sub-classes
Cloud Accountc, Domain Accountc, Local Accountc
is also defined as
named individual

Create Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateFile

has super-classes
System Callc
createsop some Filec
is also defined as
named individual

Create or Modify System Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543

has super-classes
Persistence Techniquec
Privilege Escalation Techniquec
has sub-classes
Launch Agentc, Launch Daemonc, Systemd Servicec, Windows Servicec

Create Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateProcess

has super-classes
System Callc
has members
Linux Execni
is also defined as
named individual

Create Process with Tokenc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.002

has super-classes
Access Token Manipulationc
copiesop some Access Tokenc
may-modifyop some Event Logc
is also defined as
named individual

Create Socketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateSocket

A create socket system call creates an endpoint for communication and returns a file descriptor that refers to that endpoint.
has super-classes
System Callc

Create Threadc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateThread

has super-classes
System Callc
is also defined as
named individual

Credentialc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Credential

has super-classes
Digital Artifactc
authenticatesop some User Accountc
has sub-classes
Access Tokenc, Encrypted Credentialc, Passwordc, Session Cookiec
is also defined as
named individual

Credential Accessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccess

has super-classes
Offensive Tacticc
is also defined as
named individual

Credential Access Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccessTechnique

has super-classes
Offensive Techniquec
enablesop some Credential Accessc
has sub-classes
Brute Forcec, Credentials from Password Storesc, Exploitation for Credential Accessc, Forced Authenticationc, Input Capturec, Man-in-the-Middlec, Modify Authentication Processc, Network Sniffingc, OS Credential Dumpingc, Steal Application Access Tokenc, Steal Web Session Cookiec, Steal or Forge Kerberos Ticketsc, Two-Factor Authentication Interceptionc, Unsecured Credentialsc
is also defined as
named individual

Credential API Hookingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.004

has super-classes
Input Capturec
may-modifyop some Process Code Segmentc
is also defined as
named individual

Credential Compromise Scope Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialCompromiseScopeAnalysis

has super-classes
User Behavior Analysisc
analyzesop some Credentialc
is also defined as
named individual

Credential Evictionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialEviction

has super-classes
Defensive Techniquec
enablesop some Evictc
has sub-classes
Account Lockingc, Authentication Cache Invalidationc
has members
Account Lockingni, Authentication Cache Invalidationni
is also defined as
named individual

Credential Hardeningc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialHardening

has super-classes
Defensive Techniquec
enablesop some Hardenc
has sub-classes
Biometric Authenticationc, Certificate Pinningc, Certificate-based Authenticationc, Credential Transmission Scopingc, Domain Trust Policyc, Multi-factor Authenticationc, One-time Passwordc, Strong Password Policyc, User Account Permissionsc
has members
Biometric Authenticationni, Certificate Pinningni, Certificate-based Authenticationni, Credential Transmission Scopingni, Domain Trust Policyni, Multi-factor Authenticationni, One-time Passwordni, Strong Password Policyni, User Account Permissionsni
is also defined as
named individual

Credential Management Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialManagementSystem

has super-classes
Service Applicationc
is also defined as
named individual

Credential Stuffingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.004

has super-classes
Brute Forcec
may-createop some Intranet Administrative Network Trafficc
modifiesop some Authentication Logc
producesop some Authenticationc
is also defined as
named individual

Credential Transmission Scopingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialTransmissionScoping

has super-classes
Credential Hardeningc
restrictsop some Credentialc
is also defined as
named individual

Credentials from Password Storesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555

has super-classes
Credential Access Techniquec
accessesop some Password Storec
has sub-classes
Credentials from Web Browsersc, Keychainc, Securityd Memoryc
is also defined as
named individual

Credentials from Web Browsersc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.003

has super-classes
Credentials from Password Storesc
may-accessop some In-memory Password Storec
is also defined as
named individual

Credentials in Filesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.001

has super-classes
Unsecured Credentialsc
accessesop some Filec
is also defined as
named individual

Credentials in Registryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.002

has super-classes
Unsecured Credentialsc
accessesop some System Configuration Databasec
is also defined as
named individual

Cron Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.003

has super-classes
Scheduled Task/Job Executionc

Cryptographic Keyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CryptographicKey

is defined by
http://dbpedia.org/resource/Public-key_cryptography
In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm. For encryption algorithms, a key specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms. Keys also specify transformations in other cryptographic algorithms, such as digital signature schemes and message authentication codes.
has super-classes
Digital Artifactc
has sub-classes
Asymmetric Keyc, Symmetric Keyc

Custom Archive Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CustomArchiveFile

has super-classes
Archive Filec
is also defined as
named individual

D3FEND Catalog Thingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#D3FENDCatalogThing

has super-classes
D3FEND Thingc
has sub-classes
Agentc, Analysis of Alternativesc, Assessmentc, Capability Featurec, Capability Implementationc, Information Content Entityc, Propositionc

D3FEND Thingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#D3FENDThing

Current version :
0.10.0-BETA-2
D3FEND things are concepts defined in the core D3FEND Framework.
has sub-classes
Artifactc, Capabilityc, D3FEND Catalog Thingc, Defensive Tacticc, Defensive Techniquec, Digital Eventc, Digital Objectc, Latencyc, Monitoringc, Physical Objectc, Referencec, Reference Typec, Sensorc, Techniquec, Technique Referencec

Data Artifact Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataArtifactServer

A data artifact server provides access services to content in a content repository. The content repository or content store is a database of digital content with an associated set of data management, search and access methods allowing application-independent access to the content, rather like a digital library, but with the ability to store and modify content in addition to searching and retrieving. The content repository acts as the storage engine for a larger application such as a content management system or a document management system, which adds a user interface on top of the repository's application programming interface.
has super-classes
Artifact Serverc

Data Destructionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1485

has super-classes
Impact Techniquec

Data Encodingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
has sub-classes
Non-Standard Encodingc, Standard Encodingc
is also defined as
named individual

Data Encrypted for Impactc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1486

has super-classes
Impact Techniquec

Data from Cloud Storage Objectc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1530

has super-classes
Collection Techniquec

Data from Information Repositoriesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213

has super-classes
Collection Techniquec
Discovery Techniquec
accessesop some Resourcec
has sub-classes
Code Repositoriesc, Confluencec, Sharepointc
is also defined as
named individual

Data from Local Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1005

has super-classes
Collection Techniquec
accessesop some Local Resourcec
is also defined as
named individual

Data from Network Shared Drivec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1039

has super-classes
Collection Techniquec
accessesop some Network File Share Resourcec
is also defined as
named individual

Data from Removable Mediac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1025

has super-classes
Collection Techniquec
accessesop some Removable Media Devicec
is also defined as
named individual

Data Manipulationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565

has super-classes
Impact Techniquec
has sub-classes
Runtime Data Manipulationc, Stored Data Manipulationc, Transmitted Data Manipulationc

Data Obfuscationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
has sub-classes
Junk Datac, Protocol Impersonationc, Steganographyc
is also defined as
named individual

Data Stagedc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074

has super-classes
Collection Techniquec
readsop some Resourcec
has sub-classes
Local Data Stagingc, Remote Data Stagingc
is also defined as
named individual

Data Transfer Size Limitsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1030

has super-classes
Exfiltration Techniquec
producesop some Internet Network Trafficc
is also defined as
named individual

Databasec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Database

has super-classes
Digital Artifactc
has sub-classes
Application Configuration Databasec, Code Repositoryc, Password Databasec, System Configuration Databasec
is also defined as
named individual

Database Queryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseQuery

has super-classes
Commandc
has sub-classes
Remote Database Queryc
is also defined as
named individual

Database Query String Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseQueryStringAnalysis

has super-classes
Process Analysisc
analyzesop some Database Queryc
is also defined as
named individual

Database Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseServer

has super-classes
Serverc
containsop some Databasec
is also defined as
named individual

DCSyncc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.006

has super-classes
OS Credential Dumpingc
may-modifyop some Event Logc
producesop some Intranet Administrative Network Trafficc
is also defined as
named individual

Dead Code Eliminationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeadCodeElimination

has super-classes
Application Hardeningc
is also defined as
named individual

Dead Drop Resolverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.001

has super-classes
Web Servicec

Deceivec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Deceive

has super-classes
Defensive Tacticc
is also defined as
named individual

Decoy Artifactc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyArtifact

has super-classes
Digital Artifactc
may-containop some Digital Artifactc
is also defined as
named individual

Decoy Environmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyEnvironment

has super-classes
Defensive Techniquec
enablesop some Deceivec
managesop some Decoy Artifactc
has sub-classes
Connected Honeynetc, Integrated Honeynetc, Standalone Honeynetc
has members
Connected Honeynetni, Integrated Honeynetni, Standalone Honeynetni
is also defined as
named individual

Decoy Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyFile

has super-classes
Decoy Objectc
spoofsop some Filec
is also defined as
named individual

Decoy Network Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyNetworkResource

has super-classes
Decoy Objectc
spoofsop some Network Resourcec
is also defined as
named individual

Decoy Objectc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyObject

has super-classes
Defensive Techniquec
enablesop some Deceivec
has sub-classes
Decoy Filec, Decoy Network Resourcec, Decoy Personac, Decoy Public Releasec, Decoy Session Tokenc, Decoy User Credentialc
has members
Decoy Fileni, Decoy Network Resourceni, Decoy Personani, Decoy Public Releaseni, Decoy Session Tokenni, Decoy User Credentialni
is also defined as
named individual

Decoy Personac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPersona

has super-classes
Decoy Objectc
spoofsop some Userc
is also defined as
named individual

Decoy Public Releasec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPublicRelease

has super-classes
Decoy Objectc
is also defined as
named individual

Decoy Session Tokenc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoySessionToken

has super-classes
Decoy Objectc
spoofsop some Access Tokenc
is also defined as
named individual

Decoy User Credentialc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyUserCredential

has super-classes
Decoy Objectc
spoofsop some Credentialc
is also defined as
named individual

Defacementc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491

has super-classes
Impact Techniquec
has sub-classes
External Defacementc, Internal Defacementc

Default Accountsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.001

has super-classes
Valid Accountsc
usesop some Default User Accountc
is also defined as
named individual

Default User Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefaultUserAccount

has super-classes
User Accountc
is also defined as
named individual

Defense Evasionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasion

has super-classes
Offensive Tacticc
is also defined as
named individual

Defense Evasion Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasionTechnique

has super-classes
Offensive Techniquec
enablesop some Defense Evasionc
has sub-classes
Abuse Elevation Control Mechanismc, Access Token Manipulationc, BITS Jobsc, Deobfuscate/Decode Files or Informationc, Direct Volume Accessc, Execution Guardrailsc, Exploitation for Defense Evasionc, File and Directory Permissions Modificationc, Group Policy Modificationc, Hide Artifactsc, Hijack Execution Flowc, Impair Defensesc, Indicator Blockingc, Indicator Removal from Toolsc, Indicator Removal on Hostc, Indirect Command Executionc, Masqueradingc, Modify Authentication Processc, Modify Registryc, Obfuscated Files or Informationc, Pre-OS Bootc, Process Injectionc, Reflective Code Loadingc, Rogue Domain Controllerc, Rootkitc, Signed Binary Proxy Executionc, Signed Script Proxy Executionc, Subvert Trust Controlsc, Template Injectionc, Traffic Signalingc, Trusted Developer Utilities Proxy Executionc, Unused/Unsupported Cloud Regionsc, Use Alternate Authentication Materialc, Valid Accountsc, Virtualization/Sandbox Evasionc, XSL Script Processingc
is also defined as
named individual

Defensive Tacticc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTactic

has super-classes
D3FEND Thingc
enabled-byop some Defensive Techniquec
display-orderdp some integer
has sub-classes
Deceivec, Detectc, Evictc, Hardenc, Isolatec, Scanc
has members
Deceiveni, Detectni, Evictni, Hardenni, Isolateni, Scanni
is also defined as
named individual

Defensive Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechnique

has super-classes
Capability Featurec
D3FEND Thingc
Defensive Techniquec
Techniquec
enablesop some Defensive Tacticc
kb-referenceop some Technique Referencec
d3fend-iddp some string
datedp some date time
display-orderdp some integer
has sub-classes
Application Hardeningc, Credential Evictionc, Credential Hardeningc, Decoy Environmentc, Decoy Objectc, Defensive Techniquec, Execution Isolationc, File Analysisc, Identifier Analysisc, Message Analysisc, Message Hardeningc, Network Isolationc, Network Traffic Analysisc, Platform Hardeningc, Platform Monitoringc, Process Analysisc, Process Evictionc, User Behavior Analysisc
is in domain of
d3fend-tactical-verb-propertyop, may-be-tactically-associated-withop
has members
Application Hardeningni, Credential Evictionni, Credential Hardeningni, Decoy Environmentni, Decoy Objectni, Execution Isolationni, File Analysisni, Identifier Analysisni, Message Analysisni, Message Hardeningni, Network Isolationni, Network Traffic Analysisni, Platform Hardeningni, Platform Monitoringni, Process Analysisni, Process Evictionni, User Behavior Analysisni
is also defined as
named individual

Defensive Technique Assessmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechniqueAssessment

Assessing how well a capability implementation's capability feature functions as a countermeasure.
has super-classes
Feature Assessmentc
assessesop some Defensive Technique Claimc
countersop some Offensive Techniquec
confidencedp some integer
ratingdp only { "0" , "1" , "2" , "3" }
stagedp only { "Deceive" , "Detect" , "Evict" , "Harden" , "Isolate" }
ratingdp exactly 1
stagedp exactly 1
is in range of
assessesop

Defensive Technique Claimc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechniqueClaim

has super-classes
Provider Claimc
citesop some Information Content Entityc
claimsop some Defensive Techniquec
is in domain of
assessesop

Deobfuscate/Decode Files or Informationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1140

has super-classes
Defense Evasion Techniquec
invokesop some Create Processc
may-addop some Executable Filec
may-modifyop some Event Logc
is also defined as
named individual

Desktop Computerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DesktopComputer

is defined by
http://dbpedia.org/resource/Desktop_computer
A desktop computer is a personal computer designed for regular use at a single location on or near a desk or table due to its size and power requirements. The most common configuration has a case that houses the power supply, motherboard (a printed circuit board with a microprocessor as the central processing unit (CPU), memory, bus, and other electronic components, disk storage (usually one or more hard disk drives, solid state drives, optical disc drives, and in early models a floppy disk drive); a keyboard and mouse for input; and a computer monitor, speakers, and, often, a printer for output. The case may be oriented horizontally or vertically and placed either underneath, beside, or on top of a desk.
has super-classes
Personal Computerc

Detectc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Detect

has super-classes
Defensive Tacticc
is also defined as
named individual

Developer Applicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeveloperApplication

An application used to develop computer software including applications used for software construction, analysis, testing, packaging, or management.
has super-classes
User Applicationc
has sub-classes
Build Toolc, Code Analyzerc, Test Execution Toolc, Version Control Toolc

Dial Up Modemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DialUpModem

is defined by
http://dbpedia.org/resource/Modem#Dial-up
A dial-up modem transmits computer data over an ordinary switched telephone line that has not been designed for data use. This contrasts with leased line modems, which also operate over lines provided by a telephone company, but ones which are intended for data use and do not impose the same signaling constraints. The modulated data must fit the frequency constraints of a normal voice audio signal, and the modem must be able to perform the actions needed to connect a call through a telephone exchange, namely: picking up the line, dialing, understanding signals sent back by phone company equipment (dial tone, ringing, busy signal,) and on the far end of the call, the second modem in the connection must be able to recognize the incoming ring signal and answer the line.
has super-classes
Modemc

Digital Artifactc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalArtifact

has super-classes
Artifactc
Digital Objectc
has sub-classes
Access Control Configurationc, Binary Large Objectc, Binary Segmentc, Blobc, Block Devicec, Boot Loaderc, Call Stackc, Certificatec, Clipboardc, Commandc, Credentialc, Cryptographic Keyc, DNS Lookupc, Databasec, Decoy Artifactc, Digital Systemc, Directoryc, Display Serverc, Domain Registrationc, Enclavec, File Sectionc, File Systemc, File System Linkc, Hardware Devicec, Hardware Driverc, Identifierc, Interprocess Communicationc, Kernel Process Tablec, Logc, Metadatac, Networkc, Network Flowc, Network Nodec, Network Trafficc, Operating Systemc, Partitionc, Partition Tablec, Physical Locationc, Platformc, Pointerc, Processc, Process Imagec, Process Treec, Recordc, Resourcec, Sessionc, Softwarec, Stack Componentc, Storagec, System Callc, Task Schedulec, Trust Storec, Userc, User Accountc, User Actionc, User Behaviorc, User Interfacec, User to User Messagec, Volumec
is in domain of
d3fend-artifact-data-propertydp
is in range of
hidesop
is also defined as
named individual

Digital Eventc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalEvent

has super-classes
D3FEND Thingc
has sub-classes
Commandc, DNS Lookupc, Resource Accessc, System Callc, User Actionc

Digital Objectc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalObject

A digital object is the top-level class for an information bearing object that exists in a digital environment. The digital object may be virtual or physical.
has super-classes
D3FEND Thingc
has sub-classes
Digital Artifactc

Digital Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalSystem

A digital system is a group of interacting or interrelated digital artifacts that act according to a set of rules to form a unified whole. A digital system, surrounded and influenced by its environment, is described by its boundaries, structure and purpose and expressed in its functioning. Systems are the subjects of study of systems theory.
has super-classes
Digital Artifactc
has sub-classes
Legacy Systemc

Direct Network Floodc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.001

has super-classes
Network Denial of Servicec
createsop some Inbound Internet Network Trafficc
is also defined as
named individual

Direct Volume Accessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1006

has super-classes
Defense Evasion Techniquec
accessesop some Volumec
is also defined as
named individual

Directoryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Directory

has super-classes
Digital Artifactc
may-containop some Filec
has sub-classes
Startup Directoryc, System Startup Directoryc
is also defined as
named individual

Directory Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DirectoryService

has super-classes
Network Servicec
is also defined as
named individual

Disable or Modify System Firewallc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.004

has super-classes
Impair Defensesc
modifiesop some System Firewall Configurationc
is also defined as
named individual

Disable or Modify Toolsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.001

has super-classes
Impair Defensesc
disablesop some Operating System Processc
is also defined as
named individual

Disable Windows Event Loggingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.002

has super-classes
Impair Defensesc
may-modifyop some Application Configurationc
may-modifyop some Operating System Configuration Componentc
is also defined as
named individual

Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Discovery

has super-classes
Offensive Tacticc
is also defined as
named individual

Discovery Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiscoveryTechnique

has super-classes
Offensive Techniquec
enablesop some Discoveryc
has sub-classes
Account Discoveryc, Application Window Discoveryc, Browser Bookmark Discoveryc, Cloud Service Dashboardc, Cloud Service Discoveryc, Cloud Storage Object Discoveryc, Data from Information Repositoriesc, Domain Trust Discoveryc, File and Directory Discoveryc, Group Policy Discoveryc, Network Service Scanningc, Network Share Discoveryc, Network Sniffingc, Password Policy Discoveryc, Peripheral Device Discoveryc, Permission Groups Discoveryc, Process Discoveryc, Query Registryc, Remote System Discoveryc, Software Discoveryc, System Information Discoveryc, System Location Discoveryc, System Network Configuration Discoveryc, System Network Connections Discoveryc, System Owner/User Discoveryc, System Service Discoveryc, System Time Discoveryc
is also defined as
named individual

Disk Content Wipec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.001

has super-classes
Disk Wipec
may-modifyop some Boot Sectorc
may-modifyop some Partitionc
may-modifyop some Partition Tablec
may-modifyop some Volumec
modifiesop some Block Devicec
is also defined as
named individual

Disk Encryptionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiskEncryption

has super-classes
Platform Hardeningc
encryptsop some Storagec
is also defined as
named individual

Disk Structure Wipec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.002

has super-classes
Disk Wipec
may-modifyop some Boot Sectorc
may-modifyop some Partition Tablec
is also defined as
named individual

Disk Wipec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561

has super-classes
Impact Techniquec
has sub-classes
Disk Content Wipec, Disk Structure Wipec

Display Adapterc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayAdapter

has super-classes
Output Devicec
is also defined as
named individual

Display Device Driverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayDeviceDriver

has super-classes
Hardware Driverc
drivesop some Display Adapterc
is also defined as
named individual

Display Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayServer

has super-classes
Digital Artifactc
is also defined as
named individual

Distributed Component Object Modelc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.003

has super-classes
Remote Servicesc

DLL Search Order Hijackingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.001

has super-classes
Hijack Execution Flowc
may-createop some Shared Library Filec
is also defined as
named individual

DLL Side-Loadingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.002

has super-classes
Hijack Execution Flowc
may-createop some Shared Library Filec
may-modifyop some Shared Library Filec
is also defined as
named individual

DNSc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.004

has super-classes
Application Layer Protocolc
producesop some Outbound Internet DNS Lookup Trafficc
is also defined as
named individual

DNS Allowlistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSAllowlisting

has super-classes
Network Isolationc
blocksop some Outbound Internet DNS Lookup Trafficc
is also defined as
named individual

DNS Calculationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.003

has super-classes
Dynamic Resolutionc

DNS Denylistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSDenylisting

has super-classes
Network Isolationc
blocksop some DNS Network Trafficc
has sub-classes
Forward Resolution Domain Denylistingc, Forward Resolution IP Denylistingc, Reverse Resolution Domain Denylistingc, Reverse Resolution IP Denylistingc
has members
Forward Resolution Domain Denylistingni, Forward Resolution IP Denylistingni, Reverse Resolution Domain Denylistingni, Reverse Resolution IP Denylistingni
is also defined as
named individual

DNS Lookupc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSLookup

has super-classes
Digital Artifactc
Digital Eventc
has sub-classes
Internet DNS Lookupc, Intranet DNS Lookupc
is also defined as
named individual

DNS Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSNetworkTraffic

has super-classes
Network Trafficc
has sub-classes
Outbound Internet DNS Lookup Trafficc
is also defined as
named individual

DNS Recordc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSRecord

A Domain Name System (DNS) record is a record of information returned to clients seeking to find computers, services, and other resources connected to the Internet or a private network. Record information is stored on a domain name server so it can respond to DNS queries from clients.There are a variety of record types, depending on the client's information needs. Common types include Start of Authority, IP addresses, SMTP mail exchangers, name servers, reverse DNS lookup pointers, etc.
has super-classes
Recordc

DNS Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSServer

is defined by
http://dbpedia.org/resource/Name_server
A Domain Name System (DNS) name server is a kind of name server. Domain names are one of the two principal namespaces of the Internet. The most important function of DNS servers is the translation (resolution) of human-memorable domain names and hostnames into the corresponding numeric Internet Protocol (IP) addresses, the second principal name space of the Internet which is used to identify and locate computer systems and resources on the Internet. (en). More generally, a name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.
has super-classes
Serverc

DNS Traffic Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSTrafficAnalysis

has super-classes
Network Traffic Analysisc
analyzesop some Outbound Internet DNS Lookup Trafficc
may-containop some DNS Lookupc
is also defined as
named individual

Documentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Document

has super-classes
Information Content Entityc
has sub-classes
Articlec, Patentc, Policyc, Specificationc, User Manualc

Document Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DocumentFile

has super-classes
Filec
may-containop some Executable Scriptc
has sub-classes
Emailc, Email Attachmentc, HTML Filec, Office Application Filec
has members
Adobe PDF File 1.3ni, Microsoft Word DOC Fileni, Microsoft Word DOCB Fileni, Microsoft Word DOCM Fileni, Microsoft Word DOCX Fileni, Microsoft Word DOT Fileni, Microsoft Word DOTM Fileni, Microsoft Word DOTX Fileni, Microsoft Word WBK Fileni
is also defined as
named individual

Domain Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.002

has super-classes
Create Accountc
createsop some Domain User Accountc
is also defined as
named individual

Domain Account Monitoringc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainAccountMonitoring

has super-classes
User Behavior Analysisc
monitorsop some Domain User Accountc
is also defined as
named individual

Domain Accountsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.002

has super-classes
Valid Accountsc
usesop some Domain User Accountc
is also defined as
named individual

Domain Controller Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.001

has super-classes
Modify Authentication Processc

Domain Frontingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.004

has super-classes
Proxyc
producesop some Outbound Internet Encrypted Web Trafficc
is also defined as
named individual

Domain Generation Algorithmsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.002

has super-classes
Dynamic Resolutionc

Domain Namec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainName

has super-classes
Identifierc
has members
ASCII Domain Nameni, FQDN Domain Nameni, Hostnameni, Internationalized Domain Nameni
is also defined as
named individual

Domain Registrationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainRegistration

has super-classes
Digital Artifactc
may-containop some Domain Namec
has members
WHOIS Compatible Domain Registrationni
is also defined as
named individual

Domain Trust Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1482

has super-classes
Discovery Techniquec

Domain Trust Policyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainTrustPolicy

has super-classes
Credential Hardeningc
restrictsop some Directory Servicec
restrictsop some Domain Accountc
is also defined as
named individual

Domain User Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainUserAccount

has super-classes
User Accountc
has sub-classes
Global User Accountc
is also defined as
named individual

Double File Extensionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.007

has super-classes
Masqueradingc
modifiesop some File System Metadatac
is also defined as
named individual

Downgrade Attackc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.010

has super-classes
Impair Defensesc
accessesop some Legacy Systemc
is also defined as
named individual

Drive-by Compromisec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1189

has super-classes
Initial Access Techniquec
modifiesop some Process Segmentc
producesop some Outbound Internet Network Trafficc
producesop some URLc
is also defined as
named individual

Driver Load Integrity Checkingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DriverLoadIntegrityChecking

has super-classes
Platform Hardeningc
authenticatesop some Hardware Driverc
is also defined as
named individual

Dylib Hijackingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.004

has super-classes
Hijack Execution Flowc
may-createop some Shared Library Filec
may-modifyop some Shared Library Filec
is also defined as
named individual

Dynamic Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysis

has super-classes
File Analysisc
analyzesop some Document Filec
analyzesop some Executable Filec
is also defined as
named individual

Dynamic Analysis Toolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysisTool

is defined by
http://dbpedia.org/resource/Dynamic_program_analysis
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor.
has super-classes
Code Analyzerc

Dynamic Data Exchange Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.002

has super-classes
Inter-Process Communication Executionc

Dynamic Resolutionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568

has super-classes
Command and Control Techniquec
producesop some Outbound Internet DNS Lookup Trafficc
has sub-classes
DNS Calculationc, Domain Generation Algorithmsc, Fast Flux DNSc
is also defined as
named individual

Dynamic-link Library Injectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.001

has super-classes
Process Injectionc
addsop some Shared Library Filec
invokesop some System Callc
loadsop some Shared Library Filec
is also defined as
named individual

Elevated Execution with Promptc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.004

has super-classes
Abuse Elevation Control Mechanismc
createsop some System Configuration Databasec
invokesop some System Callc
is also defined as
named individual

Emailc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Email

has super-classes
Document Filec
may-containop some Filec
may-containop some URLc
has members
MSG Email Fileni
is also defined as
named individual

Email Attachmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailAttachment

has super-classes
Document Filec
attached-toop some Emailc
is also defined as
named individual

Email Collectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114

has super-classes
Collection Techniquec
accessesop some Resourcec
has sub-classes
Email Forwarding Rulec, Local Email Collectionc, Remote Email Collectionc
is also defined as
named individual

Email Forwarding Rulec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.003

has super-classes
Email Collectionc
modifiesop some Application Configurationc
is also defined as
named individual

Email Hiding Rulesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.008

has super-classes
Hide Artifactsc
may-createop some Email Rulec
may-modifyop some Email Rulec
modifiesop some Application Configurationc
is also defined as
named individual

Email Rulec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRule

has super-classes
Application Rulec
is also defined as
named individual

Embedded Computerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmbeddedComputer

is defined by
http://dbpedia.org/resource/Embedded_system
An embedded computer is a computer system -- a combination of a computer processor, computer memory, and input/output peripheral devices-that has a dedicated function within a larger mechanical or electrical system. It is embedded as part of a complete device often including electrical or electronic hardware and mechanical parts. Because an embedded system typically controls physical operations of the machine that it is embedded within, it often has real-time computing constraints. Embedded systems control many devices in common use today. Ninety-eight percent of all microprocessors manufactured are used in embedded systems.
has super-classes
Client Computerc

Emondc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.014

has super-classes
Event Triggered Executionc
may-createop some Property List Filec
may-modifyop some Property List Filec
modifiesop some Configuration Bearing Entityc
is also defined as
named individual

Emulated File Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmulatedFileAnalysis

has super-classes
File Analysisc
analyzesop some Document Filec
analyzesop some Executable Filec
is also defined as
named individual

Enclavec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Enclave

has super-classes
Digital Artifactc
may-containop some Local Area Networkc
is also defined as
named individual

Encrypted Channelc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Encrypted Trafficc
has sub-classes
Asymmetric Cryptographyc, Symmetric Cryptographyc
is also defined as
named individual

Encrypted Credentialc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedCredential

has super-classes
Credentialc
is also defined as
named individual

Encrypted Tunnelsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedTunnels

has super-classes
Network Isolationc
isolatesop some Intranet Networkc
is also defined as
named individual

Endpoint Denial of Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499

has super-classes
Impact Techniquec

Endpoint Health Beaconc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointHealthBeacon

has super-classes
Operating System Monitoringc
is also defined as
named individual

Endpoint Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointSensor

has super-classes
Sensorc
has sub-classes
Application Inventory Sensorc, File System Sensorc, Firmware Sensorc, Host Configuration Sensorc, Kernel API Sensorc
is also defined as
named individual

Environmental Keyingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1480.001

has super-classes
Execution Guardrailsc

Event Logc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EventLog

has super-classes
Logc
has sub-classes
Command History Logc
is also defined as
named individual

Event Triggered Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546

has super-classes
Persistence Techniquec
Privilege Escalation Techniquec
has sub-classes
.bash_profile and .bashrcc, Accessibility Featuresc, AppCert DLLsc, AppInit DLLsc, Application Shimmingc, Change Default File Associationc, Component Object Model Hijackingc, Emondc, Image File Execution Options Injectionc, LC_LOAD_DYLIB Additionc, Netsh Helper DLLc, PowerShell Profilec, Screensaverc, Trapc, Windows Management Instrumentation Event Subscriptionc

Evictc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Evict

has super-classes
Defensive Tacticc
is also defined as
named individual

Eviction Latencyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvictionLatency

has super-classes
Latencyc
has members
non-real-time-evictionni, real-time-evictionni

Exception Handlerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandler

An exception handler is a code segment that processes an exception.
has super-classes
Subroutinec

Exception Handler Pointer Validationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandlerPointerValidation

has super-classes
Application Hardeningc
validatesop some Pointerc
is also defined as
named individual

Exchange Email Delegate Permissionsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.002

has super-classes
Account Manipulationc
modifiesop some Domain User Accountc
is also defined as
named individual

Executable Allowlistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableAllowlisting

has super-classes
Execution Isolationc
blocksop some Executable Filec
is also defined as
named individual

Executable Binaryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableBinary

has super-classes
Executable Filec
containsop some Image Code Segmentc
containsop some Image Data Segmentc
may-interpretop some Executable Scriptc
has members
Linux ELF File 32bitni, Linux ELF File 64bitni, PE32 Executable Fileni, PE32+ Executable Fileni
is also defined as
named individual

Executable Denylistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableDenylisting

has super-classes
Execution Isolationc
blocksop some Executable Filec
is also defined as
named individual

Executable Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableFile

has super-classes
Filec
has sub-classes
Executable Binaryc, Executable Scriptc
is also defined as
named individual

Executable Installer File Permissions Weaknessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.005

has super-classes
Hijack Execution Flowc
modifiesop some Service Applicationc
is also defined as
named individual

Executable Scriptc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableScript

has super-classes
Executable Filec
has sub-classes
Init Scriptc, System Init Scriptc, User Init Scriptc, User Startup Script Filec, Web Script Filec
has members
Bash Script Fileni, Javascript Fileni, Lua Script Fileni, Powershell Script Fileni, Python Script Fileni, Ruby Script Fileni, Windows Batch Fileni
is also defined as
named individual

Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Execution

has super-classes
Offensive Tacticc
is also defined as
named individual

Execution Guardrailsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1480

has super-classes
Defense Evasion Techniquec
has sub-classes
Environmental Keyingc

Execution Isolationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionIsolation

has super-classes
Defensive Techniquec
enablesop some Isolatec
has sub-classes
Executable Allowlistingc, Executable Denylistingc, Hardware-based Process Isolationc, IO Port Restrictionc, Kernel-based Process Isolationc
has members
Executable Denylistingni, Hardware-based Process Isolationni, IO Port Restrictionni, Kernel-based Process Isolationni
is also defined as
named individual

Execution Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionTechnique

has super-classes
Offensive Techniquec
enablesop some Executionc
has sub-classes
Command and Scripting Interpreter Executionc, Exploitation for Client Executionc, Inter-Process Communication Executionc, Native API Executionc, Scheduled Task/Job Executionc, Shared Modules Executionc, Signed Binary Proxy Executionc, Signed Script Proxy Executionc, Software Deployment Tools Executionc, System Servicesc, User Executionc, Windows Management Instrumentation Executionc
is also defined as
named individual

Exfiltrationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Exfiltration

has super-classes
Offensive Tacticc
is also defined as
named individual

Exfiltration Over Alternative Protocolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048

has super-classes
Exfiltration Techniquec
producesop some Internet Network Trafficc
has sub-classes
Exfiltration Over Asymmetric Encrypted Non-C2 Protocolc, Exfiltration Over Symmetric Encrypted Non-C2 Protocolc, Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocolc
is also defined as
named individual

Exfiltration Over Asymmetric Encrypted Non-C2 Protocolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.002

has super-classes
Exfiltration Over Alternative Protocolc
may-transferop some Certificate Filec
producesop some Outbound Internet Encrypted Trafficc
is also defined as
named individual

Exfiltration Over C2 Channelc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1041

has super-classes
Exfiltration Techniquec
may-transferop some Certificate Filec
producesop some Internet Network Trafficc
is also defined as
named individual

Exfiltration Over Other Network Mediumc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011

has super-classes
Exfiltration Techniquec
producesop some Internet Network Trafficc
is also defined as
named individual

Exfiltration Over Physical Mediumc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052

has super-classes
Exfiltration Techniquec
has sub-classes
Exfiltration over USBc

Exfiltration Over Symmetric Encrypted Non-C2 Protocolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.001

has super-classes
Exfiltration Over Alternative Protocolc
producesop some Outbound Internet Encrypted Trafficc
is also defined as
named individual

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.003

has super-classes
Exfiltration Over Alternative Protocolc
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

Exfiltration over USBc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052.001

has super-classes
Exfiltration Over Physical Mediumc
modifiesop some Removable Media Devicec
is also defined as
named individual

Exfiltration Over Web Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567

has super-classes
Exfiltration Techniquec
producesop some Outbound Internet Web Trafficc
has sub-classes
Exfiltration to Cloud Storagec, Exfiltration to Code Repositoryc
is also defined as
named individual

Exfiltration Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExfiltrationTechnique

has super-classes
Offensive Techniquec
enablesop some Exfiltrationc
has sub-classes
Automated Exfiltrationc, Data Transfer Size Limitsc, Exfiltration Over Alternative Protocolc, Exfiltration Over C2 Channelc, Exfiltration Over Other Network Mediumc, Exfiltration Over Physical Mediumc, Exfiltration Over Web Servicec, Scheduled Transferc
is also defined as
named individual

Exfiltration to Cloud Storagec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.002

has super-classes
Exfiltration Over Web Servicec
producesop some Outbound Internet Encrypted Web Trafficc
is also defined as
named individual

Exfiltration to Code Repositoryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.001

has super-classes
Exfiltration Over Web Servicec
may-produceop some Outbound Internet Encrypted Remote Terminal Trafficc
may-produceop some Outbound Internet Encrypted Web Trafficc
is also defined as
named individual

Exploit Public-Facing Applicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1190

has super-classes
Initial Access Techniquec
injectsop some Database Queryc
modifiesop some Process Segmentc
producesop some Inbound Internet Network Trafficc
is also defined as
named individual

Exploitation for Client Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1203

has super-classes
Execution Techniquec
modifiesop some Process Code Segmentc
modifiesop some Stack Framec
is also defined as
named individual

Exploitation for Credential Accessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1212

has super-classes
Credential Access Techniquec
may-accessop some Authentication Servicec
may-accessop some Credential Management Systemc
may-modifyop some Process Code Segmentc
may-modifyop some Stack Framec
is also defined as
named individual

Exploitation for Defense Evasionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1211

has super-classes
Defense Evasion Techniquec
may-modifyop some Process Code Segmentc
may-modifyop some Stack Framec
is also defined as
named individual

Exploitation for Privilege Escalationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1068

has super-classes
Privilege Escalation Techniquec
enablesop some Privilege Escalationc
may-modifyop some Stack Framec
modifiesop some Process Code Segmentc
is also defined as
named individual

Exploitation of Remote Servicesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1210

has super-classes
Lateral Movement Techniquec
may-modifyop some Process Code Segmentc
may-modifyop some Process Segmentc
may-modifyop some Stack Framec
producesop some Intranet Network Trafficc
is also defined as
named individual

External Defacementc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.002

has super-classes
Defacementc
modifiesop some Network Resourcec
is also defined as
named individual

External Knowledge Basec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalKnowledgeBase

has super-classes
Information Content Entityc
Technique Referencec
has members
Reference - CAR-2013-01-002: Autorun Differences -ni, Reference - CAR-2013-01-003: SMB Events Monitoring -ni, Reference - CAR-2013-02-003: Processes Spawning cmd.exe -ni, Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITREni, Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITREni, Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITREni, Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITREni, Reference - CAR-2013-05-002: Suspicious Run Locations -ni, Reference - CAR-2013-05-003: SMB Write Request -ni, Reference - CAR-2013-05-004: Execution with AT -ni, Reference - CAR-2013-05-005: SMB Copy and Execution -ni, Reference - CAR-2013-07-001: Suspicious Arguments -ni, Reference - CAR-2013-07-002: RDP Connection Detection - MITREni, Reference - CAR-2013-07-005: Command Line Usage of Archiving Software -ni, Reference - CAR-2013-08-001: Execution with schtasks -ni, Reference - CAR-2013-09-003: SMB Session Setups - MITREni, Reference - CAR-2013-09-005: Service Outlier Executables -ni, Reference - CAR-2013-10-001: User Login Activity Monitoring - MITREni, Reference - CAR-2013-10-002: DLL Injection via Load Library - MITREni, Reference - CAR-2014-02-001: Service Binary Modifications - MITREni, Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITREni, Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITREni, Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITREni, Reference - CAR-2014-04-003: Powershell Execution - MITREni, Reference - CAR-2014-05-001: RPC Activity - MITREni, Reference - CAR-2014-05-002: Services launching Cmd -ni, Reference - CAR-2014-07-001: Service Search Path Interception - MITREni, Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITREni, Reference - CAR-2014-11-003: Debuggers for Accessibility Applications -ni, Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITREni, Reference - CAR-2014-11-005: Remote Registry - MITREni, Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITREni, Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITREni, Reference - CAR-2014-11-008: Command Launched from WinLogon - MITREni, Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITREni, Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITREni, Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITREni, Reference - CAR-2015-07-001: All Logins Since Last Boot - MITREni, Reference - CAR-2016-03-001: Host Discovery Commands - MITREni, Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITREni, Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITREni, Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITREni, Reference - CAR-2016-04-004: Successful Local Account Loginni, Reference - CAR-2016-04-005: Remote Desktop Logon - MITREni, Reference - CAR-2019-04-001: UAC Bypass - MITREni, Reference - CAR-2019-04-002: Generic Regsvr32 - MITREni, Reference - CAR-2019-04-003: Squiblydoo - MITREni, Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITREni, Reference - CAR-2019-07-001: Access Permission Modification - MITREni, Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITREni, Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITREni, Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITREni, Reference - CAR-2020-04-001: Shadow Copy Deletion - MITREni, Reference - CAR-2020-05-001: MiniDump of LSASS - MITREni, Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITREni, Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITREni, Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITREni, Reference - CAR-2020-09-002: Component Object Model Hijacking - MITREni, Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITREni, Reference - CAR-2020-09-004: Credentials in Files & Registry - MITREni, Reference - CAR-2020-09-005: AppInit DLLs - MITREni, Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITREni, Reference - CAR-2020-11-002: Local Network Sniffing - MITREni, Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITREni, Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITREni, Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITREni, Reference - CAR-2020-11-006: Local Permission Group Discovery - MITREni, Reference - CAR-2020-11-007: Network Share Connection Removal - MITREni, Reference - CAR-2020-11-008: MSBuild and msxsl - MITREni, Reference - CAR-2020-11-009: Compiled HTML Access - MITREni, Reference - CAR-2020-11-010: CMSTP - MITREni, Reference - CAR-2020-11-011: Registry Edit from Screensaverni, Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITREni, Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITREni, Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITREni, Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITREni, Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITREni, Reference - CAR-2021-01-008: Disable UAC - MITREni, Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITREni, Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITREni, Reference - CAR-2021-02-002: Get System Elevation - MITREni, Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITREni, Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITREni, Reference - CAR-2021-05-002: Batch File Write to System32 - MITREni, Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITREni, Reference - CAR-2021-05-004: BITS Job Persistence - MITREni, Reference - CAR-2021-05-005: BITSAdmin Download File - MITREni, Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITREni, Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITREni, Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITREni, Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITREni, Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITREni, Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITREni

External Proxyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.002

has super-classes
Proxyc
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

External Remote Servicesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1133

has super-classes
Initial Access Techniquec
Persistence Techniquec
producesop some Authenticationc
producesop some Authorizationc
producesop some Network Sessionc
is also defined as
named individual

Extra Window Memory Injectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.011

has super-classes
Process Injectionc

Fallback Channelsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1008

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

Fast Flux DNSc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.001

has super-classes
Dynamic Resolutionc

Fast Symbolic Linkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FastSymbolicLink

is defined by
http://dbpedia.org/resource/Symbolic_link#Storage_of_symbolic_links
Fast symbolic links, allow storage of the target path within the data structures used for storing file information on disk (e.g., within the inodes). This space normally stores a list of disk block addresses allocated to a file. Thus, symlinks with short target paths are accessed quickly. Systems with fast symlinks often fall back to using the original method if the target path exceeds the available inode space.
has super-classes
Symbolic Linkc
Unix Linkc
is disjoint with
Slow Symbolic Linkc

Feature Assessmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FeatureAssessment

has super-classes
Assessmentc
has sub-classes
Admin Feature Assessmentc, Defensive Technique Assessmentc

Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#File

has super-classes
Resourcec
containsop some File Sectionc
may-containop some Filec
may-containop some URLc
has sub-classes
Archive Filec, Certificate Filec, Configuration Filec, Container Imagec, Document Filec, Executable Filec, Log Filec, NTFS Linkc, Object Filec, Operating System Filec, Password Filec, Shortcut Filec, Symbolic Linkc
is also defined as
named individual

File Access Pattern Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAccessPatternAnalysis

has super-classes
Process Analysisc
analyzesop some Local Resource Accessc
is also defined as
named individual

File Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAnalysis

has super-classes
Defensive Techniquec
analyzesop some Filec
enablesop some Detectc
has sub-classes
Dynamic Analysisc, Emulated File Analysisc, File Content Rulesc, File Hashingc
has members
Dynamic Analysisni, Emulated File Analysisni, File Content Rulesni, File Hashingni
is also defined as
named individual

File and Directory Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1083

has super-classes
Discovery Techniquec

File and Directory Permissions Modificationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222

has super-classes
Defense Evasion Techniquec
modifiesop some Access Control Configurationc
has sub-classes
Linux and Mac File and Directory Permissions Modificationc, Windows File and Directory Permissions Modificationc
is also defined as
named individual

File Carvingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCarving

has super-classes
Network Traffic Analysisc
analyzesop some File Transfer Network Trafficc
is also defined as
named individual

File Content Rulesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileContentRules

has super-classes
File Analysisc
is also defined as
named individual

File Creation Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCreationAnalysis

has super-classes
System Call Analysisc
analyzesop some Create Filec
is also defined as
named individual

File Deletionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.004

has super-classes
Indicator Removal on Hostc
deletesop some Filec
may-modifyop some Filec
is also defined as
named individual

File Encryptionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEncryption

has super-classes
Platform Hardeningc
is also defined as
named individual

File Hashingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashing

has super-classes
File Analysisc
is also defined as
named individual

File Sectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSection

has super-classes
Digital Artifactc
has sub-classes
Image Segmentc, Resource Forkc
is also defined as
named individual

File Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileServer

is defined by
http://dbpedia.org/resource/File_server
The term server highlights the role of the machine in the traditional client-server scheme, where the clients are the workstations using the storage. A file server does not normally perform computational tasks or run programs on behalf of its client workstations. File servers are commonly found in schools and offices, where users use a local area network to connect their client computers.
has super-classes
Serverc

File Share Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileShareService

A file sharing service (or file share service) provides the ability to share data across a network.
has super-classes
Network Servicec

File Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystem

has super-classes
Digital Artifactc
containsop some Directoryc
containsop some Filec
containsop some File System Linkc
containsop some File System Metadatac
is also defined as
named individual

File System Linkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemLink

has super-classes
Digital Artifactc
has sub-classes
Hard Linkc, NTFS Linkc, Symbolic Linkc, Unix Linkc
is also defined as
named individual

File System Metadatac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemMetadata

has super-classes
Metadatac
is also defined as
named individual

File System Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemSensor

has super-classes
Endpoint Sensorc
monitorsop some Filec

File Transfer Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileTransferNetworkTraffic

has super-classes
Network Trafficc
has sub-classes
Internet File Transfer Trafficc, Intranet File Transfer Trafficc, Outbound Internet File Transfer Trafficc
is also defined as
named individual

File Transfer Protocolsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.002

has super-classes
Application Layer Protocolc
producesop some Outbound Internet File Transfer Trafficc
is also defined as
named individual

Finger Print Scanner Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FingerPrintScannerInputDevice

is defined by
http://dbpedia.org/resource/Fingerprint#Fingerprint_sensors
A fingerprint sensor is an electronic device used to capture a digital image of the fingerprint pattern. The captured image is called a live scan. This live scan is digitally processed to create a biometric template (a collection of extracted features) which is stored and used for matching. Many technologies have been used including optical, capacitive, RF, thermal, piezoresistive, ultrasonic, piezoelectric, and MEMS.
has super-classes
Image Scanner Input Devicec

Firewallc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Firewall

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines. This definition refers to network firewalls.
has super-classes
Network Nodec
has sub-classes
Application Layer Firewallc

Firmwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Firmware

has super-classes
Softwarec
has sub-classes
Microcodec, Peripheral Firmwarec, System Firmwarec
is also defined as
named individual

Firmware Behavior Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareBehaviorAnalysis

has super-classes
Platform Monitoringc
analyzesop some Firmwarec
is also defined as
named individual

Firmware Corruptionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1495

has super-classes
Impact Techniquec

Firmware Embedded Monitoring Codec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareEmbeddedMonitoringCode

has super-classes
Platform Monitoringc
analyzesop some Firmwarec
is also defined as
named individual

Firmware Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareSensor

has super-classes
Endpoint Sensorc
monitorsop some Firmwarec

Firmware Verificationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareVerification

has super-classes
Platform Monitoringc
verifiesop some Firmwarec
has sub-classes
Peripheral Firmware Verificationc, System Firmware Verificationc
has members
Peripheral Firmware Verificationni, System Firmware Verificationni
is also defined as
named individual

First-stage Boot Loaderc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#First-stageBootLoader

The very first routine run in order to load the operating system.
has super-classes
Boot Loaderc

Forced Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1187

has super-classes
Credential Access Techniquec
may-modifyop some Windows Shortcut Filec
modifiesop some Authentication Logc
producesop some Authenticationc
is also defined as
named individual

Forward Proxy Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardProxyServer

is defined by
http://dbpedia.org/resource/Open_proxy
An forward (or open) proxy is a proxy server that is accessible by any Internet user. Generally, a proxy server only allows users within a network group (i.e. a closed proxy) to store and forward Internet services such as DNS or web pages to reduce and control the bandwidth used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service.
has super-classes
Proxy Serverc

Forward Resolution Domain Denylistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionDomainDenylisting

has super-classes
DNS Denylistingc
blocksop some Outbound Internet DNS Lookup Trafficc
has sub-classes
Hierarchical Domain Denylistingc, Homoglyph Denylistingc
has members
Hierarchical Domain Denylistingni, Homoglyph Denylistingni
is also defined as
named individual

Forward Resolution IP Denylistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionIPDenylisting

has super-classes
DNS Denylistingc
blocksop some Inbound Internet DNS Response Trafficc
is also defined as
named individual

Gatekeeper Bypassc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.001

has super-classes
Subvert Trust Controlsc
modifiesop some File System Metadatac
is also defined as
named individual

Get System Timec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemTime

has super-classes
System Callc
is also defined as
named individual

Global User Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GlobalUserAccount

has super-classes
Domain User Accountc
is also defined as
named individual

Golden Ticketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.001

has super-classes
Steal or Forge Kerberos Ticketsc
forgesop some Kerberos Ticket Granting Ticketc
is also defined as
named individual

Graphical User Interfacec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicalUserInterface

has super-classes
User Interfacec
is also defined as
named individual

Graphics Card Firmwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicsCardFirmware

Firmware that is installed on computer graphics card.
has super-classes
Peripheral Firmwarec

Group Policyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GroupPolicy

has super-classes
Access Control Configurationc
is also defined as
named individual

Group Policy Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1615

has super-classes
Discovery Techniquec
readsop some Group Policyc
is also defined as
named individual

Group Policy Modificationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484

has super-classes
Defense Evasion Techniquec
Privilege Escalation Techniquec
modifiesop some Group Policyc
is also defined as
named individual

Group Policy Preferencesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.006

has super-classes
Unsecured Credentialsc
accessesop some Group Policyc
is also defined as
named individual

GUI Input Capturec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.002

has super-classes
Input Capturec
accessesop some Graphical User Interfacec
is also defined as
named individual

Guidancec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Guidance

has super-classes
Policyc

Guideline Referencec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GuidelineReference

has super-classes
Policy Referencec
has members
Reference - Audit User Account Managementni, Reference - Digital Identity Guidelines 800-63-3ni, Reference - Platform Firmware Resiliency Guidelines - NISTni, Reference - Securing Web Transactionsni, Reference - Windows 10 STIGni

Hard Disk Firmwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardDiskFirmware

Firmware that is installed on a hard disk device.
has super-classes
Peripheral Firmwarec

Hard Linkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardLink

is defined by
http://dbpedia.org/resource/Hard_link
In computing, a hard link is a directory entry that associates a name with a file on a file system. All directory-based file systems must have at least one hard link giving the original name for each file. The term "hard link" is usually only used in file systems that allow more than one hard link for the same file. Multiple hard links -- that is, multiple directory entries to the same file -- are supported by POSIX-compliant and partially POSIX-compliant operating systems, such as Linux, Android, macOS, and also Windows NT4 and later Windows NT operating systems.
has super-classes
File System Linkc
has sub-classes
NTFS Hard Linkc, Unix Hard Linkc

Hardenc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Harden

has super-classes
Defensive Tacticc
is also defined as
named individual

Hardware Additionsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1200

has super-classes
Initial Access Techniquec
connectsop some Hardware Devicec
is also defined as
named individual

Hardware Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDevice

has super-classes
Digital Artifactc
Physical Artifactc
has sub-classes
Input Devicec, Output Devicec, Removable Media Devicec, Security Tokenc
is also defined as
named individual

Hardware Driverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDriver

has super-classes
Digital Artifactc
drivesop some Hardware Devicec
has sub-classes
Display Device Driverc
is also defined as
named individual

Hardware-based Process Isolationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hardware-basedProcessIsolation

has super-classes
Execution Isolationc
isolatesop some Processc
is also defined as
named individual

Heap Segmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HeapSegment

The heap segment (or free store) is a large pool of memory from which dynamic memory requests of a process are allocated and satisfied.
has super-classes
Process Segmentc

Hidden File Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.005

has super-classes
Hide Artifactsc
may-modifyop some System Configuration Databasec
modifiesop some Storagec
is also defined as
named individual

Hidden Files and Directoriesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.001

has super-classes
Hide Artifactsc
modifiesop some File System Metadatac
is also defined as
named individual

Hidden Usersc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.002

has super-classes
Hide Artifactsc
modifiesop some User Init Configuration Filec
is also defined as
named individual

Hidden Windowc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.003

has super-classes
Hide Artifactsc
may-modifyop some Property List Filec
may-modifyop some System Configuration Databasec
is also defined as
named individual

Hide Artifactsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564

has super-classes
Defense Evasion Techniquec
has sub-classes
Email Hiding Rulesc, Hidden File Systemc, Hidden Files and Directoriesc, Hidden Usersc, Hidden Windowc, NTFS File Attributesc, Resource Forkingc, Run Virtual Instancec, VBA Stompingc

Hierarchical Domain Denylistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HierarchicalDomainDenylisting

has super-classes
Forward Resolution Domain Denylistingc
is also defined as
named individual

Hijack Execution Flowc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574

has super-classes
Defense Evasion Techniquec
Persistence Techniquec
Privilege Escalation Techniquec
has sub-classes
COR_PROFILERc, DLL Search Order Hijackingc, DLL Side-Loadingc, Dylib Hijackingc, Executable Installer File Permissions Weaknessc, LD_PRELOADc, Path Interception by PATH Environment Variablec, Path Interception by Search Order Hijackingc, Path Interception by Unquoted Pathc, Services File Permissions Weaknessc, Services Registry Permissions Weaknessc

Homoglyph Denylistingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDenylisting

has super-classes
Forward Resolution Domain Denylistingc
is also defined as
named individual

Homoglyph Detectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDetection

has super-classes
Identifier Analysisc
analyzesop some Emailc
analyzesop some URLc
is also defined as
named individual

Hostc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host

has super-classes
Network Nodec
containsop some Applicationc
containsop some Operating Systemc
runsop some Operating Systemc
has sub-classes
Client Computerc, Serverc
is also defined as
named individual

Host Configuration Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HostConfigurationSensor

has super-classes
Endpoint Sensorc
monitorsop some Application Configurationc
monitorsop some Operating System Configurationc

Host-based Firewallc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host-basedFirewall

has super-classes
System Softwarec
is also defined as
named individual

Hostnamec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hostname

has super-classes
Identifierc
is also defined as
named individual

HTML Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTMLFile

A document file encoded in HTML.The HyperText Markup Language, or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript. Web browsers receive HTML documents from a web server or from local storage and render the documents into multimedia web pages. HTML describes the structure of a web page semantically and originally included cues for the appearance of the document.
has super-classes
Document Filec

HTML Smugglingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.006

has super-classes
Obfuscated Files or Informationc
createsop some JavaScript Blobc
hidesop some Digital Artifactc
is also defined as
named individual

Human Input Device Firmwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HumanInputDeviceFirmware

Firmware that is installed on an HCI device such as a mouse or keyboard.
has super-classes
Peripheral Firmwarec

Identifierc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Identifier

has super-classes
Digital Artifactc
has sub-classes
Domain Namec, Hostnamec, IP Addressc, URLc
is in domain of
addressesop
is in range of
addressed-byop
is also defined as
named individual

Identifier Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierAnalysis

has super-classes
Defensive Techniquec
enablesop some Detectc
has sub-classes
Homoglyph Detectionc, URL Analysisc
has members
Homoglyph Detectionni, URL Analysisni
is also defined as
named individual

IIS Componentsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.004

has super-classes
Server Software Componentc
addsop some Softwarec
is also defined as
named individual

Image Code Segmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageCodeSegment

has super-classes
Image Segmentc
containsop some Subroutinec
has members
AMD64 Code Segmentni, ARM32 Code Segmentni, X86 Code Segmentni
is also defined as
named individual

Image Data Segmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageDataSegment

has super-classes
Image Segmentc
is also defined as
named individual

Image File Execution Options Injectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.012

has super-classes
Event Triggered Executionc
modifiesop some System Configuration Databasec
is also defined as
named individual

Image Scanner Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageScannerInputDevice

is defined by
http://dbpedia.org/resource/Image_scanner
An image scanner -- often abbreviated to just scanner, is a device that optically scans images, printed text, handwriting or an object and converts it to a digital image. Commonly used in offices are variations of the desktop flatbed scanner where the document is placed on a glass window for scanning. Hand-held scanners, where the device is moved by hand, have evolved from text scanning "wands" to 3D scanners used for industrial design, reverse engineering, test and measurement, orthotics, gaming and other applications. Mechanically driven scanners that move the document are typically used for large-format documents, where a flatbed design would be impractical.
has super-classes
Video Input Devicec
has sub-classes
Barcode Scanner Input Devicec, Finger Print Scanner Input Devicec

Image Segmentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageSegment

Image segments are distinct partitions of an object file. Both data and code segments are examples of image segments.
has super-classes
Binary Segmentc
File Sectionc
has sub-classes
Image Code Segmentc, Image Data Segmentc

Impactc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Impact

has super-classes
Offensive Tacticc
is also defined as
named individual

Impact Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpactTechnique

has super-classes
Offensive Techniquec
enablesop some Impactc
has sub-classes
Account Access Removalc, Data Destructionc, Data Encrypted for Impactc, Data Manipulationc, Defacementc, Disk Wipec, Endpoint Denial of Servicec, Firmware Corruptionc, Inhibit System Recoveryc, Network Denial of Servicec, Resource Hijackingc, Service Stopc, System Shutdown/Rebootc
is also defined as
named individual

Impair Command History Loggingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.003

has super-classes
Impair Defensesc
may-modifyop some User Init Scriptc
may-modifyop some Windows Registry Keyc
modifiesop some Process Environment Variablec
is also defined as
named individual

Impair Defensesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562

has super-classes
Defense Evasion Techniquec
has sub-classes
Disable Windows Event Loggingc, Disable or Modify System Firewallc, Disable or Modify Toolsc, Downgrade Attackc, Impair Command History Loggingc, Safe Mode Bootc

Implant Container Imagec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1525

has super-classes
Persistence Techniquec
addsop some Container Imagec
is also defined as
named individual

In-memory Password Storec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#In-memoryPasswordStore

has super-classes
Password Storec
is also defined as
named individual

Inbound Internet DNS Response Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetDNSResponseTraffic

has super-classes
Inbound Internet Network Trafficc
is also defined as
named individual

Inbound Internet Mail Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetMailTraffic

has super-classes
Inbound Internet Network Trafficc
Mail Network Trafficc
is also defined as
named individual

Inbound Internet Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetNetworkTraffic

has super-classes
Internet Network Trafficc
producesop some Network Trafficc
has sub-classes
Inbound Internet DNS Response Trafficc, Inbound Internet Mail Trafficc
is also defined as
named individual

Inbound Session Volume Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundSessionVolumeAnalysis

has super-classes
Network Traffic Analysisc
analyzesop some Inbound Internet Network Trafficc
is also defined as
named individual

Inbound Traffic Filteringc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundTrafficFiltering

has super-classes
Network Isolationc
filtersop some Network Trafficc
is also defined as
named individual

Indicator Blockingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.006

has super-classes
Defense Evasion Techniquec

Indicator Removal from Toolsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.005

has super-classes
Defense Evasion Techniquec

Indicator Removal on Hostc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070

has super-classes
Defense Evasion Techniquec
has sub-classes
Clear Command Historyc, Clear Linux or Mac System Logsc, Clear Windows Event Logsc, File Deletionc, Network Share Connection Removalc, Timestompc

Indirect Branch Call Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IndirectBranchCallAnalysis

has super-classes
Process Analysisc
is also defined as
named individual

Indirect Command Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1202

has super-classes
Defense Evasion Techniquec

Information Content Entityc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InformationContentEntity

is defined by
https://d3fend.mitre.org/ontologies/d3fend.owl
has super-classes
D3FEND Catalog Thingc
archived-atdp some any u r i
has sub-classes
Documentc, External Knowledge Basec, Licensec, Source Codec
is in range of
citesop

Ingress Tool Transferc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1105

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

Inhibit System Recoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1490

has super-classes
Impact Techniquec

Init Scriptc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitScript

An init script (or initialization script) is an executable script that initializes the an application, a process, or a service's state. Examples include scripts run at boot by Unix or Windows, or those run to initialize a shell.
has super-classes
Executable Scriptc
has sub-classes
Network Init Script File Resourcec, User Init Scriptc

Initial Accessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccess

has super-classes
Offensive Tacticc
is also defined as
named individual

Initial Access Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccessTechnique

has super-classes
Offensive Techniquec
enablesop some Initial Accessc
has sub-classes
Drive-by Compromisec, Exploit Public-Facing Applicationc, External Remote Servicesc, Hardware Additionsc, Phishingc, Replication Through Removable Mediac, Supply Chain Compromisec, Trusted Relationshipc, Valid Accountsc
is also defined as
named individual

Input Capturec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056

has super-classes
Collection Techniquec
Credential Access Techniquec
has sub-classes
Credential API Hookingc, GUI Input Capturec, Keyloggingc, Web Portal Capturec

Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDevice

has super-classes
Hardware Devicec
Local Resourcec
has sub-classes
Audio Input Devicec, Keyboard Input Devicec, Mouse Input Devicec, Video Input Devicec
is also defined as
named individual

Input Device Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDeviceAnalysis

has super-classes
Operating System Monitoringc
analyzesop some Input Devicec
is also defined as
named individual

Install Root Certificatec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.004

has super-classes
Subvert Trust Controlsc
modifiesop some Certificate Trust Storec
is also defined as
named individual

InstallUtil Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.004

has super-classes
Signed Binary Proxy Executionc

Instant Messaging Clientc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InstantMessagingClient

is defined by
https://dbpedia.org/wiki/Instant_messaging
Client software used to engage in Instant Messaging, a type of online chat that offers real-time text transmission over the Internet. A LAN messenger operates in a similar way over a local area network. Short messages are typically transmitted between two parties, when each user chooses to complete a thought and select "send". Some IM applications can use push technology to provide real-time text, which transmits messages character by character, as they are composed. More advanced instant messaging can add file transfer, clickable hyperlinks, Voice over IP, or video chat.
has super-classes
Collaborative Softwarec

Integrated Honeynetc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegratedHoneynet

has super-classes
Decoy Environmentc
spoofsop some Intranet Networkc
is also defined as
named individual

Integration Test Execution Toolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegrationTestExecutionTool

An integration test execution tool automatically performs integration testing. Integration testing (sometimes called integration and testing, abbreviated I&T) is the phase in software testing in which individual software modules are combined and tested as a group.
has super-classes
Test Execution Toolc

Inter-Process Communication Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559

has super-classes
Execution Techniquec
injectsop some Interprocess Communicationc
has sub-classes
Component Object Model Executionc, Dynamic Data Exchange Executionc
is also defined as
named individual

Internal Defacementc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.001

has super-classes
Defacementc
modifiesop some Resourcec
is also defined as
named individual

Internal Proxyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.001

has super-classes
Proxyc
producesop some Intranet Network Trafficc
is also defined as
named individual

Internal Spearphishingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1534

has super-classes
Lateral Movement Techniquec
producesop some Emailc
is also defined as
named individual

Internet Articlec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticle

has super-classes
News Articlec
is also defined as
named individual

Internet Article Referencec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticleReference

has super-classes
Technique Referencec
has members
Reference - Configure User Access Control and Permissionsni, Reference - Decoy Personas for Safeguarding Online Identity Using Deception -ni, Reference - Detection of Malicious IDNHomoglyph Domainsni, Reference - FWTK - Firewall Toolkit -ni, Reference - How ASLR protects Linux systems from buffer overflow attacks - Network Worldni, Reference - How to change registry values or permissions from a command line or a scriptni, Reference - How trust relationships work for resource forests in Azure Active Directory Domain Servicesni, Reference - Overview of the seccomp sandboxni, Reference - Pointer Authentication Project Zeroni, Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hatni, Reference - What is NX/XD feature?ni, Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.comni

Internet DNS Lookupc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetDNSLookup

An internet Domain Name System (DNS) lookup is a DNS lookup made from a host on a network that is resolved after querying a DNS name server hosted on a different network.
has super-classes
DNS Lookupc

Internet File Transfer Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetFileTransferTraffic

Internet file transfer network traffic is network traffic related to file transfers between network nodes that crosses a boundary between networks. This includes only network traffic conforming to standard file transfer protocols, not custom transfer protocols.
has super-classes
File Transfer Network Trafficc
Internet Network Trafficc

Internet Networkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetNetwork

is defined by
http://dbpedia.org/resource/Internetworking
A network of multiple, connected networks. Internetworking is the practice of connecting a computer network with other networks through the use of gateways that provide a common method of routing information packets between the networks. The resulting system of interconnected networks are called an internetwork, or simply an internet. Internetworking is a combination of the words inter ("between") and networking; not internet-working or international-network.
has super-classes
Networkc

Internet Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetNetworkTraffic

has super-classes
Network Trafficc
has sub-classes
Inbound Internet Network Trafficc, Internet File Transfer Trafficc, Outbound Internet Network Trafficc
is also defined as
named individual

Interprocess Communicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InterprocessCommunication

has super-classes
Digital Artifactc
has sub-classes
Pipec
is also defined as
named individual

Intranet Administrative Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic

has super-classes
Administrative Network Trafficc
Intranet Network Trafficc
is also defined as
named individual

Intranet DNS Lookupc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetDNSLookup

An Intranet Domain Name System (DNS) lookup is a DNS lookup made from a host on a network that is resolved after querying a DNS name server hosted on a that same network.
has super-classes
DNS Lookupc

Intranet File Transfer Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetFileTransferTraffic

has super-classes
File Transfer Network Trafficc
Intranet Network Trafficc
is also defined as
named individual

Intranet IPC Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetIPCNetworkTraffic

has super-classes
IPC Network Trafficc
Intranet Network Trafficc
may-containop some Filec
is also defined as
named individual

Intranet Multicast Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetMulticastNetworkTraffic

has super-classes
Intranet Network Trafficc
is also defined as
named individual

Intranet Networkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetNetwork

has super-classes
Networkc
is also defined as
named individual

Intranet Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetNetworkTraffic

has super-classes
Network Trafficc
has sub-classes
Intranet Administrative Network Trafficc, Intranet File Transfer Trafficc, Intranet IPC Network Trafficc, Intranet Multicast Network Trafficc, Intranet RPC Network Trafficc, Intranet Web Network Trafficc, Local Area Network Trafficc
is also defined as
named individual

Intranet RPC Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetRPCNetworkTraffic

Intranet RPC network traffic is network traffic that does not cross a given network's boundaries and uses a standard remote procedure call (e.g., RFC 1050) protocol.
has super-classes
Intranet Network Trafficc
RPC Network Trafficc

Intranet Web Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetWebNetworkTraffic

has super-classes
Intranet Network Trafficc
Web Network Trafficc
may-containop some Filec
is also defined as
named individual

Intrusion Detection Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntrusionDetectionSystem

is defined by
http://dbpedia.org/resource/Intrusion_detection_system
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.
has super-classes
Network Nodec
has sub-classes
Intrusion Prevention Systemc

Intrusion Prevention Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntrusionPreventionSystem

is defined by
http://dbpedia.org/resource/Intrusion_detection_system#Intrusion_prevention
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, report it and attempt to block or stop it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are detected. IPS can take such actions as sending an alarm, dropping detected malicious packets, resetting a connection or blocking traffic from the offending IP address. An IPS also can correct cyclic redundancy check (CRC) errors, defragment packet streams, mitigate TCP sequencing issues, and clean up unwanted transport and network layer options.
has super-classes
Intrusion Detection Systemc

Invalid Code Signaturec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.001

has super-classes
Masqueradingc
createsop some Executable Binaryc
is also defined as
named individual

IO Port Restrictionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IOPortRestriction

has super-classes
Execution Isolationc
filtersop some Input Devicec
filtersop some Removable Media Devicec
is also defined as
named individual

IP Addressc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPAddress

is defined by
http://dbpedia.org/resource/IP_address
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.An IP address serves two main functions: host or network interface identification and location addressing. Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number. However, because of the growth of the Internet and the depletion of available IPv4 addresses, a new version of IP (IPv6), using 128 bits for the IP address, was standardized in 1998. IPv6 deployment has been ongoing since the mid-2000s.
has super-classes
Identifierc

IP Phonec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPPhone

is defined by
http://dbpedia.org/resource/VoIP_phone
A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet, instead of the traditional public switched telephone network (PSTN). Digital IP-based telephone service uses control protocols such as the Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) or various other proprietary protocols.
has super-classes
Personal Computerc

IPC Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCNetworkTraffic

IPC network traffic is network traffic related to inter-process communication (IPC) between network nodes..This includes only network traffic conforming to a standard IPC protocol; not custom protocols.
has super-classes
Network Trafficc
has sub-classes
Intranet IPC Network Trafficc

IPC Traffic Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCTrafficAnalysis

has super-classes
Network Traffic Analysisc
analyzesop some Intranet IPC Network Trafficc
is also defined as
named individual

Isolatec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Isolate

has super-classes
Defensive Tacticc
is also defined as
named individual

JavaScript Blobc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavaScriptBlob

has super-classes
Binary Large Objectc
is also defined as
named individual

JavaScript/JScriptc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.007

has super-classes
Command and Scripting Interpreter Executionc

Job Function Access Pattern Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JobFunctionAccessPatternAnalysis

has super-classes
User Behavior Analysisc
analyzesop some Authorizationc
is also defined as
named individual

Journal Articlec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JournalArticle

has super-classes
Academic Articlec

Junk Datac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.001

has super-classes
Data Obfuscationc

Kerberoastingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.003

has super-classes
Steal or Forge Kerberos Ticketsc
may-produceop some RPC Network Trafficc
is also defined as
named individual

Kerberos TIcketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTIcket

has super-classes
Access Tokenc
has sub-classes
Kerberos Ticket Granting Service Ticketc, Kerberos Ticket Granting Ticketc
is also defined as
named individual

Kerberos Ticket Granting Service Ticketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicketGrantingServiceTicket

A Kerberos ticket-granting service (TGS) ticket is given in response to requesting a Kerberos TGS request.
has super-classes
Kerberos TIcketc

Kerberos Ticket Granting Ticketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicketGrantingTicket

has super-classes
Kerberos TIcketc
Ticket Granting Ticketc
is also defined as
named individual

Kernelc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel

has super-classes
System Softwarec
containsop some Kernel Process Tablec
loadsop some Applicationc
managesop some Operating System Processc
managesop some User Processc
may-containop some Hardware Driverc
may-containop some Kernel Modulec
is also defined as
named individual

Kernel API Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelAPISensor

has super-classes
Endpoint Sensorc
monitorsop some System Callc

Kernel Modulec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelModule

has super-classes
Object Filec
is also defined as
named individual

Kernel Modules and Extensionsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.006

has super-classes
Boot or Logon Autostart Executionc
modifiesop some Kernel Modulec
is also defined as
named individual

Kernel Process Tablec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelProcessTable

has super-classes
Digital Artifactc
is also defined as
named individual

Kernel-based Process Isolationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel-basedProcessIsolation

has super-classes
Execution Isolationc
has sub-classes
Mandatory Access Controlc, System Call Filteringc
has members
Mandatory Access Controlni, System Call Filteringni
is also defined as
named individual

Keyboard Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KeyboardInputDevice

has super-classes
Input Devicec
is also defined as
named individual

Keychainc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.001

has super-classes
Credentials from Password Storesc
accessesop some MacOS Keychainc
is also defined as
named individual

Keyloggingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.001

has super-classes
Input Capturec
accessesop some Keyboard Input Devicec
is also defined as
named individual

Kiosk Computerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KioskComputer

is defined by
http://dbpedia.org/resource/Interactive_kiosk
An interactive kiosk is a computer terminal featuring specialized hardware and software that provides access to information and applications for communication, commerce, entertainment, or education. Early interactive kiosks sometimes resembled telephone booths, but have been embraced by retail, food service and hospitality to improve customer service and streamline operations. Interactive kiosks are typically placed in high foot traffic settings such as shops, hotel lobbies or airports.
has super-classes
Shared Computerc

Laptop Computerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LaptopComputer

is defined by
http://dbpedia.org/resource/Laptop
A laptop computer (also laptop), is a small, portable personal computer (PC) with a "clamshell" form factor, typically having a thin LCD or LED computer screen mounted on the inside of the upper lid of the clamshell and an alphanumeric keyboard on the inside of the lower lid. The clamshell is opened up to use the computer. Laptops are folded shut for transportation, and thus are suitable for mobile use. Its name comes from lap, as it was deemed to be placed on a person's lap when being used. Although originally there was a distinction between laptops and notebooks (the former being bigger and heavier than the latter), as of 2014, there is often no longer any difference. Today, laptops are commonly used in a variety of settings, such as at work, in education, for playing games, web browsing
has super-classes
Personal Computerc

Latencyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Latency

has super-classes
D3FEND Thingc
has sub-classes
Analytic Latencyc, Eviction Latencyc

Lateral Movementc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovement

has super-classes
Offensive Tacticc
is also defined as
named individual

Lateral Movement Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovementTechnique

has super-classes
Offensive Techniquec
enablesop some Lateral Movementc
has sub-classes
Exploitation of Remote Servicesc, Internal Spearphishingc, Lateral Tool Transferc, Remote Service Session Hijackingc, Remote Servicesc, Replication Through Removable Mediac, Software Deployment Tools Executionc, Taint Shared Contentc, Use Alternate Authentication Materialc
is also defined as
named individual

Lateral Tool Transferc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1570

has super-classes
Lateral Movement Techniquec
producesop some Intranet File Transfer Trafficc
is also defined as
named individual

Launch Agentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.001

has super-classes
Create or Modify System Processc
createsop some Property List Filec
is also defined as
named individual

Launch Daemonc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.004

has super-classes
Create or Modify System Processc
modifiesop some Property List Filec
is also defined as
named individual

Launchctlc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569.001

has super-classes
System Servicesc

Launchdc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.004

has super-classes
Scheduled Task/Job Executionc
createsop some Property List Filec
is also defined as
named individual

LC_LOAD_DYLIB Additionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.006

has super-classes
Event Triggered Executionc
modifiesop some Executable Binaryc
is also defined as
named individual

LD_PRELOADc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.006

has super-classes
Hijack Execution Flowc
modifiesop some Operating System Configuration Filec
is also defined as
named individual

Legacy Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LegacySystem

has super-classes
Digital Systemc
is also defined as
named individual

Licensec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#License

has super-classes
Information Content Entityc
has sub-classes
Open Source Licensec, Proprietary Licensec

Linux and Mac File and Directory Permissions Modificationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222.002

has super-classes
File and Directory Permissions Modificationc

LLMNR/NBT-NS Poisoning and SMB Relayc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.001

has super-classes
Man-in-the-Middlec
producesop some Intranet Multicast Network Trafficc
is also defined as
named individual

Local Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.001

has super-classes
Create Accountc
createsop some Local User Accountc
is also defined as
named individual

Local Account Monitoringc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAccountMonitoring

has super-classes
User Behavior Analysisc
analyzesop some Local User Accountc
is also defined as
named individual

Local Accountsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.003

has super-classes
Valid Accountsc
usesop some Local User Accountc
is also defined as
named individual

Local Area Networkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetwork

has super-classes
Networkc
may-containop some Hostc
is also defined as
named individual

Local Area Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetworkTraffic

has super-classes
Intranet Network Trafficc
is also defined as
named individual

Local Authentication Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAuthenticationService

A local authentication service running on a host can authenticate a user logged into just that local host computer.
has super-classes
Authentication Servicec
System Service Softwarec

Local Authorization Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAuthorizationService

A local authorization service running on a host can authorize a user logged into just that local host computer.
has super-classes
Authorization Servicec
System Service Softwarec

Local Data Stagingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.001

has super-classes
Data Stagedc
modifiesop some Local Resourcec
is also defined as
named individual

Local Email Collectionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.001

has super-classes
Email Collectionc
accessesop some Emailc
is also defined as
named individual

Local File Permissionsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalFilePermissions

has super-classes
Platform Hardeningc
restrictsop some Directoryc
restrictsop some Filec
is also defined as
named individual

Local Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResource

has super-classes
Resourcec
has sub-classes
Input Devicec, Startup Directoryc, System Configuration Init Resourcec, User Logon Init Resourcec
is also defined as
named individual

Local Resource Accessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResourceAccess

has super-classes
Resource Accessc
accessesop some Local Resourcec
is also defined as
named individual

Local User Accountc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalUserAccount

has super-classes
User Accountc
is also defined as
named individual

Logc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Log

has super-classes
Digital Artifactc
has sub-classes
Authentication Logc, Authorization Logc, Event Logc, Packet Logc
is also defined as
named individual

Log Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogFile

has super-classes
Filec
containsop some Logc
has sub-classes
Command History Log Filec, Operating System Log Filec
is also defined as
named individual

Login Itemsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.015

has super-classes
Boot or Logon Autostart Executionc
modifiesop some User Logon Init Resourcec
is also defined as
named individual

Login Sessionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LoginSession

has super-classes
Sessionc
has sub-classes
Remote Sessionc
is also defined as
named individual

Logon Script (Mac)c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.002

has super-classes
Boot or Logon Initialization Scriptsc
modifiesop some User Init Scriptc
is also defined as
named individual

Logon Script (Windows)c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.001

has super-classes
Boot or Logon Initialization Scriptsc
modifiesop some User Init Scriptc
is also defined as
named individual

LSA Secretsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.004

has super-classes
OS Credential Dumpingc
may-accessop some Processc
may-accessop some System Password Databasec
is also defined as
named individual

LSASS Driverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.008

has super-classes
Boot or Logon Autostart Executionc
may-createop some Shared Library Filec
modifiesop some System Service Softwarec
is also defined as
named individual

LSASS Memoryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.001

has super-classes
OS Credential Dumpingc
accessesop some Authentication Servicec
accessesop some Processc
is also defined as
named individual

MacOS Keychainc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MacOSKeychain

has super-classes
Password Storec
is also defined as
named individual

Mail Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailNetworkTraffic

has super-classes
Network Trafficc
containsop some Emailc
has sub-classes
Inbound Internet Mail Trafficc
is also defined as
named individual

Mail Protocolsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.003

has super-classes
Application Layer Protocolc
producesop some Outbound Internet Mail Trafficc
is also defined as
named individual

Mail Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailServer

has super-classes
Serverc
is also defined as
named individual

Mail Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailService

A mail service provides the ability to send and receive mail across a computer network. The mail service runs on message transfer agents (i.e., mail servers) and is accessed by users through an email client.
has super-classes
Network Servicec

Make and Impersonate Tokenc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.003

has super-classes
Access Token Manipulationc
copiesop some Access Tokenc
createsop some Login Sessionc
may-modifyop some Event Logc
is also defined as
named individual

Malicious File Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.002

has super-classes
User Executionc
executesop some Executable Filec
is also defined as
named individual

Malicious Link Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.001

has super-classes
User Executionc
accessesop some URLc
producesop some Outbound Internet Web Trafficc
is also defined as
named individual

Man in the Browserc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1185

has super-classes
Collection Techniquec
producesop some Web Network Trafficc
is also defined as
named individual

Man-in-the-Middlec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557

has super-classes
Collection Techniquec
Credential Access Techniquec
producesop some Network Trafficc
has sub-classes
LLMNR/NBT-NS Poisoning and SMB Relayc
is also defined as
named individual

Mandatory Access Controlc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MandatoryAccessControl

has super-classes
Kernel-based Process Isolationc
isolatesop some Processc
is also defined as
named individual

Masquerade Task or Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.004

has super-classes
Masqueradingc
modifiesop some Task Schedulec
is also defined as
named individual

Masqueradingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036

has super-classes
Defense Evasion Techniquec
has sub-classes
Double File Extensionc, Invalid Code Signaturec, Masquerade Task or Servicec, Match Legitimate Name or Locationc, Rename System Utilitiesc, Right-to-Left Overridec, Space after Filenamec

Match Legitimate Name or Locationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.005

has super-classes
Masqueradingc
invokesop some Move Filec
may-createop some Filec
is also defined as
named individual

Mavinjectc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.013

has super-classes
Signed Binary Proxy Executionc
invokesop some Create Threadc
modifiesop some Process Segmentc
is also defined as
named individual

Media Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MediaServer

is defined by
http://dbpedia.org/resource/Media_server
A media server is a computer appliance or an application software that stores digital media (video, audio or images) and makes it available over a network. Media servers range from servers that provide video on demand to smaller personal computers or NAS (Network Attached Storage) for the home.
has super-classes
Serverc

Memory Boundary Trackingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBoundaryTracking

has super-classes
Operating System Monitoringc
analyzesop some Process Code Segmentc
is also defined as
named individual

Message Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAnalysis

has super-classes
Defensive Techniquec
enablesop some Detectc
has sub-classes
Sender MTA Reputation Analysisc, Sender Reputation Analysisc
has members
Sender MTA Reputation Analysisni, Sender Reputation Analysisni
is also defined as
named individual

Message Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAuthentication

has super-classes
Message Hardeningc
authenticatesop some User to User Messagec
is also defined as
named individual

Message Encryptionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageEncryption

has super-classes
Message Hardeningc
encryptsop some User to User Messagec
is also defined as
named individual

Message Hardeningc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageHardening

has super-classes
Defensive Techniquec
enablesop some Hardenc
has sub-classes
Message Authenticationc, Message Encryptionc, Transfer Agent Authenticationc
has members
Message Authenticationni, Message Encryptionni, Transfer Agent Authenticationni
is also defined as
named individual

Message Transfer Agentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageTransferAgent

has super-classes
Service Applicationc
is also defined as
named individual

Metadatac back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Metadata

is defined by
http://dbpedia.org/resource/Metadata
Metadata is "data [information] that provides information about other data". Three distinct types of metadata exist: structural metadata, descriptive metadata, and administrative metadata. Structural metadata is data about the containers of data. For instance a "book" contains data, and data about the book is metadata about that container of data. Descriptive metadata uses individual instances of application data or the data content.
has super-classes
Digital Artifactc
has sub-classes
File System Metadatac

Microcodec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Microcode

is defined by
http://dbpedia.org/resource/Microcode
Microcode is a computer hardware technique that interposes a layer of organization between the CPU hardware and the programmer-visible instruction set architecture of the computer. As such, the microcode is a layer of hardware-level instructions that implement higher-level machine code instructions or internal state machine sequencing in many digital processing elements.
has super-classes
Firmwarec

MMCc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.014

has super-classes
Signed Binary Proxy Executionc
executesop some Commandc
may-addop some Softwarec
may-modifyop some System Configuration Databasec
is also defined as
named individual

Mobile Phonec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MobilePhone

is defined by
http://dbpedia.org/resource/Mobile_phone
A mobile phone, cellular phone, cell phone, cellphone or hand phone, sometimes shortened to simply mobile, cell or just phone, is a portable telephone that can make and receive calls over a radio frequency link while the user is moving within a telephone service area. The radio frequency link establishes a connection to the switching systems of a mobile phone operator, which provides access to the public switched telephone network (PSTN). Modern mobile telephone services use a cellular network architecture and, therefore, mobile telephones are called cellular telephones or cell phones in North America. In addition to telephony, digital mobile phones (2G) support a variety of other services, such as text messaging, MMS, email, Internet access, short-range wireless communications (infrared,
has super-classes
Personal Computerc

Modemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Modem

is defined by
http://dbpedia.org/resource/Modem
A modem -- a portmanteau of "modulator-demodulator" -- is a hardware device that converts data into a format suitable for a transmission medium so that it can be transmitted from one computer to another (historically along telephone wires). A modem modulates one or more carrier wave signals to encode digital information for transmission and demodulates signals to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded reliably to reproduce the original digital data. Modems can be used with almost any means of transmitting analog signals from light-emitting diodes to radio. A common type of modem is one that turns the digital data of a computer into modulated electrical signal for transmission over telephone lines and demodulated by another modem at the receiver side to recover the digital data.
has super-classes
Network Nodec
has sub-classes
Dial Up Modemc, Optical Modemc, Radio Modemc

Modify Authentication Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556

has super-classes
Credential Access Techniquec
Defense Evasion Techniquec
modifiesop some Authentication Servicec
has sub-classes
Domain Controller Authenticationc, Network Device Authenticationc, Password Filter DLLc, Pluggable Authentication Modulesc
is also defined as
named individual

Modify Registryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1112

has super-classes
Defense Evasion Techniquec
modifiesop some Windows Registryc
is also defined as
named individual

Monitoringc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Monitoring

is defined by
http://wordnet-rdf.princeton.edu/id/00881724-n
the act of observing something (and sometimes keeping a record of it)
has super-classes
D3FEND Thingc

Mouse Input Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MouseInputDevice

is defined by
http://dbpedia.org/resource/Computer_mouse
A computer mouse (plural mice or mouses) is a hand-held pointing device that detects two-dimensional motion relative to a surface. This motion is typically translated into the motion of a pointer on a display, which allows a smooth control of the graphical user interface of a computer. In addition to moving a cursor, computer mice have one or more buttons to allow operations such as selection of a menu item on a display. Mice often also feature other elements, such as touch surfaces and scroll wheels, which enable additional control and dimensional input.
has super-classes
Input Devicec

Move Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MoveFile

has super-classes
System Callc
modifiesop some File System Metadatac
is also defined as
named individual

MSBuildc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127.001

has super-classes
Trusted Developer Utilities Proxy Executionc
modifiesop some Compiler Configuration Filec
runsop some Compilerc
is also defined as
named individual

Mshta Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.005

has super-classes
Signed Binary Proxy Executionc

Msiexec Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.007

has super-classes
Signed Binary Proxy Executionc

Multi-factor Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Multi-factorAuthentication

has super-classes
Credential Hardeningc
authenticatesop some User Accountc
is also defined as
named individual

Multi-hop Proxyc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.003

has super-classes
Proxyc
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

Multi-Stage Channelsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1104

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

Native API Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1106

has super-classes
Execution Techniquec
invokesop some System Callc
is also defined as
named individual

Netsh Helper DLLc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.007

has super-classes
Event Triggered Executionc
modifiesop some System Configuration Database Recordc
producesop some Processc
is also defined as
named individual

Networkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Network

A network is a group of computers that use a set of common communication protocols over digital interconnections for the purpose of sharing resources located on or provided by the network nodes. The interconnections between nodes are formed from a broad spectrum of telecommunication network technologies, based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.
has super-classes
Digital Artifactc
has sub-classes
Internet Networkc, Intranet Networkc, Local Area Networkc, Wide Area Networkc

Network Card Firmwarec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkCardFirmware

Firmware that is installed on a network card (network interface controller).
has super-classes
Peripheral Firmwarec

Network Denial of Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498

has super-classes
Impact Techniquec
has sub-classes
Direct Network Floodc, Reflection Amplificationc, Service Exhaustion Floodc

Network Device Authenticationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.004

has super-classes
Modify Authentication Processc

Network Device CLIc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.008

has super-classes
Command and Scripting Interpreter Executionc

Network Directory Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkDirectoryResource

has super-classes
Network File Share Resourcec
containsop some Directoryc
is also defined as
named individual

Network File Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileResource

has super-classes
Network File Share Resourcec
containsop some Filec
has sub-classes
Network Init Script File Resourcec, Web File Resourcec
is also defined as
named individual

Network File Share Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileShareResource

has super-classes
Network Resourcec
has sub-classes
Network Directory Resourcec, Network File Resourcec
is also defined as
named individual

Network Flowc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlow

has super-classes
Digital Artifactc
summarizesop some Network Trafficc
is also defined as
named individual

Network Flow Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlowSensor

has super-classes
Network Sensorc
monitorsop some Network Flowc

Network Init Script File Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkInitScriptFileResource

has super-classes
Init Scriptc
Network File Resourcec
is also defined as
named individual

Network Isolationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkIsolation

has super-classes
Defensive Techniquec
enablesop some Isolatec
has sub-classes
Broadcast Domain Isolationc, DNS Allowlistingc, DNS Denylistingc, Encrypted Tunnelsc, Inbound Traffic Filteringc, Outbound Traffic Filteringc
has members
Broadcast Domain Isolationni, DNS Allowlistingni, DNS Denylistingni, Encrypted Tunnelsni, Inbound Traffic Filteringni, Outbound Traffic Filteringni
is also defined as
named individual

Network Logon Scriptc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.003

has super-classes
Boot or Logon Initialization Scriptsc
modifiesop some Network Init Script File Resourcec
is also defined as
named individual

Network Nodec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNode

has super-classes
Digital Artifactc
runsop some Operating Systemc
has sub-classes
Firewallc, Hostc, Intrusion Detection Systemc, Modemc, Proxy Serverc, Routerc, Switchc, Wireless Access Pointc
is also defined as
named individual

Network Packetc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkPackets

has super-classes
Network Trafficc
is also defined as
named individual

Network Printerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkPrinter

is defined by
http://dbpedia.org/resource/Printer_(computing)
In computing, a network printer is a device that can be accessed over a network which makes a persistent representation of graphics or text, usually on paper. While most output is human-readable, bar code printers are an example of an expanded use for printers. The different types of printers include 3D printer, inkjet printer, laser printer, thermal printer, etc. Note that not all printers are networked and the digital information to be printed must be passed either by removable media or as directly connecting the printer to a computer (e.g., by USB.)
has super-classes
Shared Computerc

Network Protocol Analyzerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkProtocolAnalyzer

has super-classes
Network Sensorc
monitorsop some Network Trafficc

Network Resourcec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResource

has super-classes
Remote Resourcec
has sub-classes
Network File Share Resourcec, Network Servicec, Serverc
is in range of
accessesop
is also defined as
named individual

Network Resource Accessc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResourceAccess

has super-classes
Resource Accessc
accessesop some Network Resourcec
accessesop some Resourcec
has sub-classes
Web Resource Accessc
is also defined as
named individual

Network Sensorc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSensor

has super-classes
Sensorc
has sub-classes
Network Flow Sensorc, Network Protocol Analyzerc

Network Servicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkService

is defined by
http://dbpedia.org/resource/Network_service
In computer networking, a network service is an application running at the network application layer and above, that provides data storage, manipulation, presentation, communication or other capability which is often implemented using a client-server or peer-to-peer architecture based on application layer network protocols. Clients and servers will often have a user interface, and sometimes other hardware associated with it.
has super-classes
Network Resourcec
has sub-classes
Directory Servicec, File Share Servicec, Mail Servicec

Network Service Scanningc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1046

has super-classes
Discovery Techniquec

Network Sessionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSession

has super-classes
Network Trafficc
containsop some Network Packetc
has sub-classes
Remote Commandc, Remote Terminal Sessionc
is also defined as
named individual

Network Share Connection Removalc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.005

has super-classes
Indicator Removal on Hostc
unmountsop some Network File Share Resourcec
is also defined as
named individual

Network Share Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1135

has super-classes
Discovery Techniquec

Network Sniffingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1040

has super-classes
Credential Access Techniquec
Discovery Techniquec
may-produceop some DNS Lookupc
is also defined as
named individual

Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic

has super-classes
Digital Artifactc
may-containop some Domain Namec
originates-fromop some Physical Locationc
has sub-classes
Administrative Network Trafficc, DNS Network Trafficc, File Transfer Network Trafficc, IPC Network Trafficc, Internet Network Trafficc, Intranet Network Trafficc, Mail Network Trafficc, Network Packetc, Network Sessionc, RPC Network Trafficc, Web Network Trafficc
is also defined as
named individual

Network Traffic Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysis

has super-classes
Defensive Techniquec
enablesop some Detectc
has sub-classes
Administrative Network Activity Analysisc, Byte Sequence Emulationc, Certificate Analysisc, Client-server Payload Profilingc, Connection Attempt Analysisc, DNS Traffic Analysisc, File Carvingc, IPC Traffic Analysisc, Inbound Session Volume Analysisc, Network Traffic Community Deviationc, Per Host Download-Upload Ratio Analysisc, Protocol Metadata Anomaly Detectionc, RPC Traffic Analysisc, Relay Pattern Analysisc, Remote Terminal Session Detectionc
has members
Administrative Network Activity Analysisni, Byte Sequence Emulationni, Certificate Analysisni, Client-server Payload Profilingni, Connection Attempt Analysisni, DNS Traffic Analysisni, File Carvingni, IPC Traffic Analysisni, Inbound Session Volume Analysisni, Network Traffic Analysisni, Network Traffic Community Deviationni, Per Host Download-Upload Ratio Analysisni, Protocol Metadata Anomaly Detectionni, RPC Traffic Analysisni, Relay Pattern Analysisni, Remote Terminal Session Detectionni
is also defined as
named individual

Network Traffic Community Deviationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficCommunityDeviation

has super-classes
Network Traffic Analysisc
analyzesop some Network Trafficc
is also defined as
named individual

News Articlec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NewsArticle

has super-classes
Articlec
has sub-classes
Internet Articlec

Non-Application Layer Protocolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1095

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

Non-Standard Encodingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132.002

has super-classes
Data Encodingc

Non-Standard Portc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1571

has super-classes
Command and Control Techniquec
producesop some Outbound Internet Network Trafficc
is also defined as
named individual

NTDSc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.003

has super-classes
OS Credential Dumpingc
accessesop some Encrypted Credentialc
is also defined as
named individual

NTFS File Attributesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.004

has super-classes
Hide Artifactsc
modifiesop some File System Metadatac
is also defined as
named individual

NTFS Hard Linkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSHardLink

is defined by
http://dbpedia.org/resource/NTFS_links
An NTFS hard link points to another file, and files share the same MFT entry (inode), in the same filesystem.
has super-classes
Hard Linkc
NTFS Linkc

NTFS Junction Pointc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSJunctionPoint

is defined by
http://dbpedia.org/resource/NTFS_links
NTFS junction points are are similar to NTFS symlinks but are defined only for directories. Only accepts local absolute paths.
has super-classes
NTFS Linkc
Symbolic Linkc

NTFS Linkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSLink

The NTFS filesystem defines various ways to link files, i.e. to make a file point to another file or its contents. The object being pointed to is called the target. There are three classes of NTFS links: (a) Hard links, which have files share the same MFT entry (inode), in the same filesystem; (b) Symbolic links, which record the path of another file that the links contents should show and can accept relative paths; and (c) Junction points, which are similar to symlinks but defined only for directories and only accepts local absolute paths
has super-classes
Filec
File System Linkc
has sub-classes
NTFS Hard Linkc, NTFS Junction Pointc, NTFS Symbolic Linkc

NTFS Symbolic Linkc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSSymbolicLink

is defined by
http://dbpedia.org/resource/NTFS_links
An NTFS symbolic link records the path of another file that the links contents should show. Can accept relative paths. SMB networking (UNC path) and directory support added in NTFS 3.1.
has super-classes
NTFS Linkc
Symbolic Linkc

Obfuscated Files or Informationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027

has super-classes
Defense Evasion Techniquec
has sub-classes
Binary Paddingc, Compile After Deliveryc, HTML Smugglingc, Software Packingc

Object Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ObjectFile

has super-classes
Filec
has sub-classes
Kernel Modulec, Shared Library Filec
is also defined as
named individual

Odbcconf Executionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.008

has super-classes
Signed Binary Proxy Executionc

Offensive Tacticc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OffensiveTactic

is defined by
https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
Per ATT&CK, these are defined as Tactical Goals, not Tactics per se. Many children also fit definition of tactics. Some are neither tactics or tactical goals really (e.g., Execution, which is a useful grouping, but an action, not really a tactic or technique.
has super-classes
ATTACK Thingc
enabled-byop some Offensive Techniquec
display-orderdp some integer
has sub-classes
Collectionc, Command And Controlc, Credential Accessc, Defense Evasionc, Discoveryc, Executionc, Exfiltrationc, Impactc, Initial Accessc, Lateral Movementc, Persistencec, Privilege Escalationc
has members
Collectionni, Command And Controlni, Credential Accessni, Defense Evasionni, Discoveryni, Executionni, Exfiltrationni, Impactni, Initial Accessni, Lateral Movementni, Persistenceni, Privilege Escalationni

Offensive Techniquec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OffensiveTechnique

is defined by
https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
has super-classes
ATTACK Thingc
Techniquec
enablesop some Offensive Tacticc
display-orderdp some integer
has sub-classes
Collection Techniquec, Command and Control Techniquec, Credential Access Techniquec, Defense Evasion Techniquec, Discovery Techniquec, Execution Techniquec, Exfiltration Techniquec, Impact Techniquec, Initial Access Techniquec, Lateral Movement Techniquec, Persistence Techniquec, Privilege Escalation Techniquec
is in domain of
attack-id, attack-kb-annotation
is in range of
may-be-tactically-associated-withop

Office Applicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OfficeApplication

has super-classes
User Applicationc
is also defined as
named individual

Office Application Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OfficeApplicationFile

has super-classes
Document Filec
is also defined as
named individual

Office Application Startupc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137

has super-classes
Persistence Techniquec
has sub-classes
Add-insc, Office Template Macrosc, Office Testc, Outlook Formsc, Outlook Home Pagec, Outlook Rulesc

Office Template Macrosc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.001

has super-classes
Office Application Startupc
may-addop some Executable Scriptc
may-modifyop some Executable Scriptc
may-modifyop some System Configuration Database Recordc
is also defined as
named individual

Office Testc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.002

has super-classes
Office Application Startupc
modifiesop some System Configuration Database Recordc
is also defined as
named individual

One-time Passwordc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#One-timePassword

has super-classes
Credential Hardeningc
authenticatesop some User Accountc
use-limitsop some Passwordc
is also defined as
named individual

One-Way Communicationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.003

has super-classes
Web Servicec

Open Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenFile

is defined by
http://dbpedia.org/resource/Open_(system_call)
For most file systems, a program initializes access to a file in a file system using the open system call. This allocates resources associated to the file (the file descriptor), and returns a handle that the process will use to refer to that file. In some cases the open is performed by the first access. During the open, the filesystem may allocate memory for buffers, or it may wait until the first operation. Various other errors which may occur during the open include directory update failures, un-permitted multiple connections, media failures, communication link failures and device failures.
has super-classes
System Callc

Open Source Licensec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenSourceLicense

has super-classes
Licensec

Operating Systemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystem

has super-classes
Digital Artifactc
containsop some Kernelc
containsop some System Service Softwarec
may-containop some Operating System Configuration Componentc
is also defined as
named individual

Operating System Configurationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfiguration

Information used to configure the services, parameters, and initial settings for an operating system.
has super-classes
Configuration Bearing Entityc
has sub-classes
Operating System Configuration Componentc

Operating System Configuration Componentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfigurationComponent

has super-classes
Operating System Configurationc
has sub-classes
System Configuration Database Recordc, System Firewall Configurationc, System Init Configurationc
is also defined as
named individual

Operating System Configuration Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfigurationFile

has super-classes
Configuration Filec
Operating System Filec
is also defined as
named individual

Operating System Executable Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemExecutableFile

has super-classes
Operating System Filec
is also defined as
named individual

Operating System Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemFile

has super-classes
Filec
has sub-classes
Operating System Configuration Filec, Operating System Executable Filec, Operating System Log Filec, Operating System Shared Library Filec
is also defined as
named individual

Operating System Log Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemLogFile

has super-classes
Log Filec
Operating System Filec
is also defined as
named individual

Operating System Monitoringc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemMonitoring

has super-classes
Platform Monitoringc
has sub-classes
Endpoint Health Beaconc, Input Device Analysisc, Memory Boundary Trackingc, Scheduled Job Analysisc, System Daemon Monitoringc, System File Analysisc, System Init Config Analysisc, User Session Init Config Analysisc
has members
Endpoint Health Beaconni, Input Device Analysisni, Memory Boundary Trackingni, Scheduled Job Analysisni, System Daemon Monitoringni, System File Analysisni, System Init Config Analysisni, User Session Init Config Analysisni
is also defined as
named individual

Operating System Packaging Toolc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemPackagingTool

A software packaging tool oriented on building a software package for a particular operating system (e.g. rpmbuild.)
has super-classes
Software Packaging Toolc

Operating System Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemProcess

has super-classes
Processc
has sub-classes
System Init Processc, Task Scheduler Processc
is also defined as
named individual

Operating System Shared Library Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemSharedLibraryFile

has super-classes
Operating System Filec
Shared Library Filec
is also defined as
named individual

Operations Center Computerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationsCenterComputer

is defined by
http://dbpedia.org/resource/Mainframe_computer
Mainframe computers or mainframes (colloquially referred to as "big iron") are computers used primarily by large organizations for critical applications; bulk data processing, such as census, industry and consumer statistics, and enterprise resource planning; and transaction processing. They are larger and have more processing power than some other classes of computers: minicomputers, servers, workstations, and personal computers.
has super-classes
Shared Computerc

Optical Modemc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpticalModem

is defined by
http://dbpedia.org/resource/Modem#Optical_modem
A modem that connects to a fiber optic network is known as an optical network terminal (ONT) or optical network unit (ONU). These are commonly used in fiber to the home installations, installed inside or outside a house to convert the optical medium to a copper Ethernet interface, after which a router or gateway is often installed to perform authentication, routing, NAT, and other typical consumer internet functions, in addition to "triple play" features such as telephony and television service.
has super-classes
Modemc

Orchestration Controllerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationController

has super-classes
Orchestration Serverc
containsop some Container Orchestration Softwarec
is also defined as
named individual

Orchestration Serverc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationServer

A d3f:Server which is involved with the orchestration of workloads or the execution of orchestrated workloads.
has super-classes
Serverc
has sub-classes
Orchestration Controllerc, Orchestration Workerc

Orchestration Workerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationWorker

A d3f:Server which receives commands from a d3f:OrchestrationController to execute workloads.
has super-classes
Orchestration Serverc

Organizationc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Organization

has super-classes
Agentc
has sub-classes
Providerc

OS Credential Dumpingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003

has super-classes
Credential Access Techniquec
accessesop some Credentialc
has sub-classes
/etc/passwd and /etc/shadowc, Cached Domain Credentialsc, DCSyncc, LSA Secretsc, LSASS Memoryc, NTDSc, Proc Filesystemc, Security Account Managerc
is also defined as
named individual

Outbound Internet DNS Lookup Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetDNSLookupTraffic

has super-classes
DNS Network Trafficc
Outbound Internet Network Trafficc
may-containop some DNS Lookupc
is also defined as
named individual

Outbound Internet Encrypted Remote Terminal Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedRemoteTerminalTraffic

has super-classes
Outbound Internet Encrypted Trafficc
is also defined as
named individual

Outbound Internet Encrypted Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedTraffic

has super-classes
Outbound Internet Network Trafficc
has sub-classes
Outbound Internet Encrypted Remote Terminal Trafficc, Outbound Internet Encrypted Web Trafficc
is also defined as
named individual

Outbound Internet Encrypted Web Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedWebTraffic

has super-classes
Outbound Internet Encrypted Trafficc
Outbound Internet Web Trafficc
is also defined as
named individual

Outbound Internet File Transfer Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetFileTransferTraffic

has super-classes
File Transfer Network Trafficc
Outbound Internet Network Trafficc
containsop some Filec
is also defined as
named individual

Outbound Internet Mail Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetMailTraffic

has super-classes
Outbound Internet Network Trafficc
is also defined as
named individual

Outbound Internet Network Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetNetworkTraffic

has super-classes
Internet Network Trafficc
has sub-classes
Outbound Internet DNS Lookup Trafficc, Outbound Internet Encrypted Trafficc, Outbound Internet File Transfer Trafficc, Outbound Internet Mail Trafficc, Outbound Internet RPC Trafficc, Outbound Internet Web Trafficc
is also defined as
named individual

Outbound Internet RPC Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetRPCTraffic

Outbound internet RPC traffic is RPC traffic that is: (a) on an outgoing connection initiated from a host within a network to a host outside the network, and (b) using a standard RPC protocol.
has super-classes
Outbound Internet Network Trafficc
RPC Network Trafficc

Outbound Internet Web Trafficc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetWebTraffic

has super-classes
Outbound Internet Network Trafficc
Web Network Trafficc
may-containop some URLc
has sub-classes
Outbound Internet Encrypted Web Trafficc
is also defined as
named individual

Outbound Traffic Filteringc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundTrafficFiltering

has super-classes
Network Isolationc
filtersop some Network Trafficc
is also defined as
named individual

Outlook Formsc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.003

has super-classes
Office Application Startupc
addsop some Office Application Filec
is also defined as
named individual

Outlook Home Pagec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.004

has super-classes
Office Application Startupc
modifiesop some Application Configuration Databasec
is also defined as
named individual

Outlook Rulesc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.005

has super-classes
Office Application Startupc
modifiesop some Application Configuration Databasec
is also defined as
named individual

Output Devicec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutputDevice

is defined by
http://dbpedia.org/resource/Output_device
An output device is any piece of computer hardware equipment which converts information into human-readable form. It can be text, graphics, tactile, audio, and video. Some of the output devices are Visual Display Units (VDU) i.e. a Monitor, Printer, Graphic Output devices, Plotters, Speakers etc. A new type of Output device is been developed these days, known as Speech synthesizer, a mechanism attached to the computer which produces verbal output sounding almost like human speeches.
has super-classes
Hardware Devicec
has sub-classes
Display Adapterc

Packet Logc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PacketLog

has super-classes
Logc
recordsop some Network Sessionc
is also defined as
named individual

Parent PID Spoofingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.004

has super-classes
Access Token Manipulationc
invokesop some Create Processc
is also defined as
named individual

Parent Processc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ParentProcess

is defined by
http://dbpedia.org/resource/Parent_process
In computing, a parent process is a process that has created one or more child processes.
has super-classes
Processc

Partitionc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Partition

has super-classes
Digital Artifactc
is also defined as
named individual

Partition Tablec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PartitionTable

has super-classes
Digital Artifactc
addressesop some Partitionc
is also defined as
named individual

Pass The Hashc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.002

has super-classes
Use Alternate Authentication Materialc
createsop some Authenticationc
is also defined as
named individual

Pass The Ticketc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.003

has super-classes
Use Alternate Authentication Materialc
createsop some Authenticationc
is also defined as
named individual

Passive Certificate Analysisc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveCertificateAnalysis

has super-classes
Certificate Analysisc
has members
Passive Certificate Analysisni
is also defined as
named individual

Passwordc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Password

has super-classes
Credentialc
is also defined as
named individual

Password Crackingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.002

has super-classes
Brute Forcec
accessesop some Encrypted Credentialc
is also defined as
named individual

Password Databasec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordDatabase

A password database is a database that holds passwords for user accounts and is usually encrypted (i.e.., the passwords are hashed). Password databases are found supporting system services (such as SAM) or part of user applications such as password managers.
has super-classes
Databasec
has sub-classes
Password Filec, Password Storec, System Password Databasec

Password Filec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordFile

has super-classes
Filec
Password Databasec
is also defined as
named individual

Password Filter DLLc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.002

has super-classes
Modify Authentication Processc
createsop some Shared Library Filec
modifiesop some System Configuration Database Recordc
is also defined as
named individual

Password Guessingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.001

has super-classes
Brute Forcec
modifiesop some Authentication Logc
producesop some Authenticationc
is also defined as
named individual

Password Managerc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordManager

is defined by
http://dbpedia.org/resource/Password_manager
A password manager is a software application or hardware that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database. Some password managers store passwords on the user's computer (called offline password managers), whereas others store data in the provider's cloud (often called online password managers). However offline password managers also offer data storage in the user's own cloud accounts rather than the provider's cloud. While the core functionality of a password manager is to securely store large collections of passwords, many provide additional features such as form filling and password generation.
has super-classes
Applicationc

Password Policy Discoveryc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1201

has super-classes
Discovery Techniquec

Password Sprayingc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.003

has super-classes
Brute Forcec
may-createop some Intranet Administrative Network Trafficc
modifiesop some Authentication Logc
producesop some Authenticationc
is also defined as
named individual

Password Storec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordStore

has super-classes
Password Databasec
has sub-classes
In-memory Password Storec, MacOS Keychainc
is also defined as
named individual

Patentc back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Patent

has super-classes
Documentc
is also defined as
named individual

Patent Referencec back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PatentReference

has super-classes
Technique Referencec
has members
Reference - Privacy and security systems and methods of useni, Reference - Account monitoring - Forescout Technologiesni, Reference - Active firewall system and methodology - McAfee LLCni, Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Incni, Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Incni, Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.ni, Reference - Architecture of transparent network security for application containers - Neuvector Incni, Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltdni, Reference - Automatically generating rules for connection security - Microsoftni, Reference - Biometric Challenge-Response Authentication - Accentureni, Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LPni, Reference - Computational modeling and classification of data streams - Crowdstrike Incni, Reference - Computer Worm Defense System and Method - FireEye Incni, Reference - Computer motherboard having peripheral security functionsni, Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Incni, Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc.ni, Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Incni,