Linux Detection Engineering - A primer on persistence mechanisms — Elastic Security Labs
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution Command And Scripting Interpreter Event Triggered Execution Scheduled Task/Job
attack-pattern: Data Direct Models Abuse Accessibility Features - T1453 Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Cron - T1053.003 Event Triggered Execution - T1624 Event Triggered Execution - T1546 Local Account - T1087.001 Local Account - T1136.001 Malware - T1587.001 Malware - T1588.001 Private Keys - T1552.004 Python - T1059.006 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Setuid And Setgid - T1548.001 Ssh - T1021.004 Ssh Authorized Keys - T1098.004 Sudo And Sudo Caching - T1548.003 Systemd Service - T1543.002 Systemd Service - T1501 Systemd Timers - T1053.006 At - T1053.002 Unix Shell - T1059.004 Unix Shell Configuration Modification - T1546.004 Xdg Autostart Entries - T1547.013 Tool - T1588.002 Vulnerabilities - T1588.006 Unix Shell - T1623.001 Account Manipulation - T1098 Command-Line Interface - T1059 Create Account - T1136 New Service - T1050 Private Keys - T1145 Scheduled Task - T1053 Setuid And Setgid - T1166 Sudo - T1169
Show in Graph
Common Information
Type Value
UUID 9bb9c618-91b0-4a78-b931-ebbe53b22c46
Fingerprint b118c90cb1a58fc1
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 21, 2024, midnight
Added to db Aug. 31, 2024, 9:31 a.m.
Last updated Nov. 17, 2024, 12:54 p.m.
Headline Linux Detection Engineering -  A primer on persistence mechanisms
Title Linux Detection Engineering - A primer on persistence mechanisms — Elastic Security Labs
Detected Hints/Tags/Attributes 119/2/30
Source URLs
Redirection Url
Details Source https://www.elastic.co/security-labs/primer-on-persistence-mechanisms
URL Provider
Details Provider Source level domain
Details elastic.co www.elastic.co
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 306 Elastic Security Labs https://www.elastic.co/security-labs/rss/feed.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
panix.sh
Details Domain 17 
host.id
Details Domain 17 
host.name
Details Domain 75 
user.name
Details Domain 41 
multi-user.target
Details Domain 5 
timers.target
Details Domain 4 
default.target
Details File 37 
multi-user.tar
Details File 5 
timers.tar
Details File 3 
default.tar
Details File 115 
auth.log
Details File 49 
id_rsa.pub
Details File 1 
id_rsa1822.pub
Details IPv4 262 
192.168.1.1
Details MITRE ATT&CK Techniques 480 
T1053
Details MITRE ATT&CK Techniques 44 
T1053.003
Details MITRE ATT&CK Techniques 12 
T1053.002
Details MITRE ATT&CK Techniques 1 
T1453
Details MITRE ATT&CK Techniques 1 
T1453.002
Details MITRE ATT&CK Techniques 23 
T1543.002
Details MITRE ATT&CK Techniques 6 
T1053.006
Details MITRE ATT&CK Techniques 11 
T1546.004
Details MITRE ATT&CK Techniques 6 
T1547.013
Details MITRE ATT&CK Techniques 12 
T1548.001
Details MITRE ATT&CK Techniques 10 
T1548.003
Details MITRE ATT&CK Techniques 112 
T1098
Details MITRE ATT&CK Techniques 86 
T1136
Details MITRE ATT&CK Techniques 51 
T1136.001
Details MITRE ATT&CK Techniques 17 
T1098.004
Details MITRE ATT&CK Techniques 86 
T1059.004