Plist File Modification (T1647)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Plist File Modification

Associated Tactics

  • Defense Evasion

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
ESET. (2012, January 1). OSX/Flashback. Retrieved April 19, 2022. eset_osx_flashback
FileInfo.com team. (2019, November 26). .PLIST File Extension. Retrieved October 12, 2021. fileinfo plist file description
Patrick Wardle. (2022, January 1). The Art of Mac Malware Volume 0x1:Analysis. Retrieved April 19, 2022. wardle chp2 persistence