Launch Daemon Persistence
An adversary can maintain persistence by installing a new launch daemon that can be configured to execute upon startup.
| id: | 24cb8b7c-92fe-4d62-af0e-d3de993cd48b |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | macos |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping
| tactics: | Privilege Escalation, Persistence |
|---|---|
| techniques: | T1160 Launch Daemon |
Query
```
process where subtype.create and
  parent_process_name == "launchd"
```
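The query matches every process that launchd creates, which fits its low confidence and enrich category. The following added example (not part of the analytic itself) applies the same predicate to constructed events and stacks the matches by child path, so launchd children seen on few hosts stand out; the `event_type`, `process_path` and `host` field names and all sample values are assumptions.

```python
# Constructed sample events. Only subtype and parent_process_name come from
# the query; event_type, process_path and host are assumed field names.
def ev(subtype, parent, path, host):
    return {"event_type": "process", "subtype": subtype,
            "parent_process_name": parent, "process_path": path, "host": host}

EVENTS = [
    ev("create", "launchd", "/usr/sbin/cfprefsd", "mac-01"),
    ev("create", "launchd", "/usr/sbin/cfprefsd", "mac-02"),
    ev("create", "launchd", "/usr/sbin/cfprefsd", "mac-03"),
    ev("create", "launchd", "/usr/sbin/mDNSResponder", "mac-01"),
    ev("create", "launchd", "/usr/sbin/mDNSResponder", "mac-02"),
    # Constructed outlier: a helper that only one host has ever started.
    ev("create", "launchd",
       "/Library/PrivilegedHelperTools/com.example.updater", "mac-02"),
    ev("create", "zsh", "/bin/ls", "mac-01"),                 # parent is not launchd
    ev("terminate", "launchd", "/usr/sbin/cfprefsd", "mac-01"),  # not a creation
]


def matches(event):
    """Same predicate as the query: process creation whose parent is launchd."""
    return (event.get("event_type") == "process"
            and event.get("subtype") == "create"
            and event.get("parent_process_name") == "launchd")


def rare_children(events, max_hosts=1):
    """Return (path, hosts) for launchd children seen on at most max_hosts hosts."""
    hosts_by_path = {}
    for event in filter(matches, events):
        hosts_by_path.setdefault(event["process_path"], set()).add(event["host"])
    rare = [(path, sorted(hosts)) for path, hosts in hosts_by_path.items()
            if len(hosts) <= max_hosts]
    # Rarest first, then by path for a stable order.
    return sorted(rare, key=lambda item: (len(item[1]), item[0]))


if __name__ == "__main__":
    for path, hosts in rare_children(EVENTS):
        print(f"{path}  hosts={hosts}")
```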