Common Information
Type | Value |
---|---|
Value | Boot or Logon Autostart Execution - T1547 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on compromised systems. Operating systems may have mechanisms for automatically running a program on system boot or account logon.(Citation: Microsoft Run Key)(Citation: MSDN Authentication Packages)(Citation: Microsoft TimeProvider)(Citation: Cylance Reg Persistence Sept 2013)(Citation: Linux Kernel Programming) These mechanisms may include automatically executing programs that are placed in specially designated directories or are referenced by repositories that store configuration information, such as the Windows Registry. An adversary may achieve the same goal by modifying or extending features of the kernel. Since some boot or logon autostart programs run with higher privileges, an adversary may leverage these to elevate privileges. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-06-06 | 18 | UAC-0099 Activity Detection: Hackers Conduct Cyber-Espionage Operations Against Ukrainian State Bodies and Media Organizations - SOC Prime | ||
Details | Website | 2023-06-05 | 30 | Ransomware Spotlight: TargetCompany - Security News | ||
Details | Website | 2023-05-31 | 10 | PikaBot C2 Detected - 45[.]154[.]24[.]57:2078 - RedPacket Security | ||
Details | Website | 2023-05-30 | 112 | Russia/Ukraine Update - May 2023 | ||
Details | Website | 2023-05-24 | 54 | ProxyNation: The dark nexus between proxy apps and malware | ||
Details | Website | 2023-05-23 | 23 | New MDBotnet Unleashes DDoS Attacks | ||
Details | Website | 2023-05-16 | 33 | Elastic Security Labs discovers the LOBSHOT malware — Elastic Security Labs | ||
Details | Website | 2023-05-12 | 138 | Securonix Threat Labs Security Advisory: Latest Update: Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads | ||
Details | Website | 2023-05-03 | 100 | New KEKW Malware Variant Identified in PyPI Package Distribution | ||
Details | Website | 2023-05-01 | 47 | SeroXen RAT for sale | ||
Details | Website | 2023-04-03 | 26 | ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access \| Mandiant | ||
Details | Website | 2023-04-03 | 22 | Anomali Cyber Watch: Balada Injector Exploits WordPress Elementor Pro, Icon 3CX Stealer Detected by YARA, Koi Loader-Stealer Compresses-then-Encrypts Memory Streams | ||
Details | Website | 2023-03-28 | 13 | Tracking the CHM Malware Using EDR - ASEC BLOG | ||
Details | Website | 2023-03-23 | 78 | Earth Preta Updated Stealthy Strategies | ||
Details | Website | 2023-03-23 | 68 | Cinoshi Project and the Dark Side of Free MaaS | ||
Details | Website | 2023-03-23 | 80 | Earth Preta Updated Stealthy Strategies | ||
Details | Website | 2023-03-21 | 52 | Notorious SideCopy APT group sets sights on India's DRDO | ||
Details | Website | 2023-03-17 | 17 | SafeBreach Coverage for US-CERT Alert (AA23-075A) – #StopRansomware: LockBit 3.0 | ||
Details | Website | 2023-03-17 | 52 | Recent Emotet Spam Campaign Utilizing New Tactics | ||
Details | Website | 2023-03-16 | 51 | #StopRansomware: LockBit 3.0 \| CISA | ||
Details | Website | 2023-03-16 | 121 | Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets \| WeLiveSecurity | ||
Details | Website | 2023-03-14 | 59 | The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia \| WeLiveSecurity | ||
Details | Website | 2023-03-09 | 16 | BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow | ||
Details | Website | 2023-03-06 | 9 | Dark Web Profile: NoName057(16) - SOCRadar |