Common Information
Type | Value |
---|---|
Value | Boot or Logon Autostart Execution - T1547 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Operating systems may have mechanisms for automatically running a program on system boot or account logon.(Citation: Microsoft Run Key)(Citation: MSDN Authentication Packages)(Citation: Microsoft TimeProvider)(Citation: Cylance Reg Persistence Sept 2013)(Citation: Linux Kernel Programming) These mechanisms may include automatically executing programs that are placed in specially designated directories or are referenced by repositories that store configuration information, such as the Windows Registry. An adversary may achieve the same goal by modifying or extending features of the kernel. Since some boot or logon autostart programs run with higher privileges, an adversary may leverage these to elevate privileges. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-05-15 | 45 | To the Moon and back(doors): Lunar landing in diplomatic missions | ||
Details | Website | 2024-05-06 | 27 | HijackLoader Updates | ||
Details | Website | 2024-04-11 | 24 | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | ||
Details | Website | 2024-04-04 | 67 | BlueDuck: an(other) Infostealer Coveting Digital Marketing Agencies’ Facebook Business Accounts | ||
Details | Website | 2024-03-27 | 65 | European diplomats targeted by SPIKEDWINE with WINELOADER | ||
Details | Website | 2024-03-22 | 35 | Unveiling KamiKakaBot - Malware Analysis - Nextron Systems | ||
Details | Website | 2024-02-23 | 85 | SlashAndGrab: ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708) | Huntress | ||
Details | Website | 2024-02-20 | 137 | Earth Preta Campaign Uses DOPLUGS to Target Asia | ||
Details | Website | 2024-01-30 | 109 | Recent DarkGate Activity & Trends | ||
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 | ||
Details | Website | 2023-11-19 | 117 | LitterDrifter: a new USB worm used by the Gamaredon group | ||
Details | Website | 2023-11-06 | 47 | D0nut encrypt me, I have a wife and no backups | ||
Details | Website | 2023-11-06 | 203 | SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT - Blogs on Information Technology, Network & Cybersecurity | Seqrite | ||
Details | Website | 2023-10-31 | 53 | An In-Depth Look at Rhysida Ransomware | ||
Details | Website | 2023-10-25 | 94 | A pirated program downloaded from a torrent site infected hundreds of thousands of users | ||
Details | Website | 2023-10-24 | 95 | Attacks on the industrial and government sectors of the Russian Federation | ||
Details | Website | 2023-10-23 | 273 | Red Team Tools | ||
Details | Website | 2023-10-17 | 92 | Anomali Cyber Watch: RomCom 4.0 Targeted Female Politicians, Israeli RedAlert App Impersonated, and More. – Anomali | ||
Details | Website | 2023-10-11 | 99 | Qakbot evolves to OneNote Malware Distribution | ||
Details | Website | 2023-10-10 | 21 | Malware Trends Report: Q3, 2023 - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2023-10-06 | 39 | Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads | ||
Details | Website | 2023-10-05 | 6 | APT Profile: Dark Pink APT Group | ||
Details | Website | 2023-10-03 | 23 | Statc Stealer: Decoding the Elusive Malware Threat | ||
Details | Website | 2023-10-03 | 161 | JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech | ||
Details | Website | 2023-09-22 | 56 | Examining the Activities of the Turla APT Group |