Compromise Host Software Binary (T1554)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Compromise Host Software Binary

Associated Tactics

  • Persistence

Persistence (TA0003)

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

View on ATT&CK

Procedure Examples

Description Source(s)
Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, and Alex Marvi. (2024, June 18). Cloaked and Covert: Uncovering UNC3886 Espionage Operations. Retrieved September 24, 2024. Google Cloud Mandiant UNC3886 2024
Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. Retrieved September 27, 2023. Unit42 Banking Trojans Hooking 2022
Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023. ESET FontOnLake Analysis 2021