Common Information
Type | Value |
---|---|
Value | Boot or Logon Autostart Execution - T1547 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Operating systems may have mechanisms for automatically running a program on system boot or account logon.(Citation: Microsoft Run Key)(Citation: MSDN Authentication Packages)(Citation: Microsoft TimeProvider)(Citation: Cylance Reg Persistence Sept 2013)(Citation: Linux Kernel Programming) These mechanisms may include automatically executing programs that are placed in specially designated directories or are referenced by repositories that store configuration information, such as the Windows Registry. An adversary may achieve the same goal by modifying or extending features of the kernel. Since some boot or logon autostart programs run with higher privileges, an adversary may leverage these to elevate privileges. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-09-22 | 57 | Examining the Activities of the Turla APT Group | ||
Details | Website | 2023-09-15 | 816 | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks | ||
Details | Website | 2023-09-05 | 41 | Dark Web Profile: Medusa Ransomware (MedusaLocker) | ||
Details | Website | 2023-09-03 | 27 | LaplasClipper | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2023-08-24 | 28 | XWorm: Technical Analysis of a New Malware Version | ||
Details | Website | 2023-08-09 | 26 | LOLKEK Unmasked \| An In-Depth Analysis of New Samples and Evolving Tactics | ||
Details | Website | 2023-08-08 | 50 | Utilization of Leaked Ransomware Builders in Tech-Related Scams | ||
Details | Website | 2023-08-07 | 11 | New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies - SOC Prime | ||
Details | Website | 2023-08-03 | 43 | Sysmon \| TryHackMe | ||
Details | Website | 2023-08-03 | 56 | STRRAT's Latest Version Incorporates Dual Obfuscation Layers | ||
Details | Website | 2023-07-27 | 50 | Dark Web Profile: 8Base Ransomware | ||
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector | ||
Details | Website | 2023-07-25 | 6 | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2023-07-25 | 47 | Decoding RomCom: Behaviors and Opportunities for Detection | ||
Details | Website | 2023-07-13 | 53 | Old Blackmoon Trojan, NEW Monetization Approach \| Rapid7 Blog | ||
Details | Website | 2023-07-13 | 12 | Malware Trends Report: Q2, 2023 - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2023-07-13 | 25 | Trojanized Application Preying on TeamViewer Users | ||
Details | Website | 2023-07-06 | 239 | Increased Truebot Activity Infects U.S. and Canada Based Networks \| CISA | ||
Details | Website | 2023-07-03 | 4 | APT Profile: FIN7 - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2023-06-29 | 98 | PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater \| Deep Instinct | ||
Details | Website | 2023-06-27 | 14 | Unveiling Wagner Group's Cyber-Recruitment | ||
Details | Website | 2023-06-23 | 100 | Securonix Threat Labs Security Advisory: New MULTI#STORM Attack Campaign Involving Python-based Loader Masquerading as OneDrive Utilities Dropping Multiple RAT Payloads Using Security Analytics | ||
Details | Website | 2023-06-14 | 23 | Understanding Ransomware Threat Actors: LockBit – Cyber Safe NV | ||
Details | Website | 2023-06-09 | 207 | Over 45 thousand Users Fell Victim to Malicious PyPI Packages |