Appendix 4 – Activity Designations in the Event Chain

- New Process
- Autostart
- New Service
- Code Injection
- Keyboard Access
- Code Injection Access
- Access to Autostart Registry
- Extraction of Executable File
- Internet Connection Established
- Waiting for Incoming Connection
- Local Network Connection
- Internet Connection Attempt (Failed)
- Moving an Important File
- Opening Another Executable File
- Writing to Another Executable File (Modification)
- Infecting Another Executable File (Code Injection into File)
- Opening Multiple Executable Files
- Writing to Multiple Executable Files (Mass Modification)
- Infecting Multiple Executable Files (Mass Code Injection into Files)
- Creating a New System Task for Task Scheduler
- Setting an Executable File for Autostart (via Task Scheduler)
- Suspicious Process Invaded a LEGITIMATE Process (DLL Injection)
- Untrusted Process Delays Execution (Possibly to Evade Detection)
- Low-Level Disk Access
- Low-Level Access to Multiple Disks
- Low-Level Disk Management
- Registry Key Monitoring
- Windows Installation Identification
- Unique Computer Identification
- Reads Internet Settings
- Attempting Multiple Internet Connections
- Low-Level Disk Write
- Deleting Another Executable File
- Deleting Multiple Executable Files (Mass Deletion)
- Opening an Important File
- Opening Multiple Important Files
- Modifying an Important File
- Modifying Multiple Important Files
- Deleting an Important File
- Deleting Multiple Important Files