Boot or Logon Initialization Scripts (T1037)

View on ATT&CK

In Playbook

Technique & Subtechniques

Associated Tactics

  • Persistence
  • Privilege Escalation

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
Anomali Labs. (2019, March 15). Rocke Evolves Its Arsenal With a New Malware Family Written in Golang. Retrieved April 24, 2019. Anomali Rocke March 2019
Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023. Mandiant APT29 Eye Spy Email Nov 22