Launch Daemon (T1160)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Launch Daemon

Associated Tactics

  • Persistence
  • Privilege Escalation

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
Apple. (n.d.). Creating Launch Daemons and Agents. Retrieved July 10, 2017. AppleDocs Launch Agent Daemons
Patrick Wardle. (2014, September). Methods of Malware Persistence on Mac OS X. Retrieved July 5, 2017. Methods of Mac Malware Persistence
Patrick Wardle. (2016, February 29). Let's Play Doctor: Practical OS X Malware Detection & Analysis. Retrieved July 10, 2017. OSX Malware Detection
Claud Xiao. (n.d.). WireLurker: A New Era in iOS and OS X Malware. Retrieved July 10, 2017. WireLurker