T1546.014
Emond
Adversaries may gain persistence and elevate privileges by executing malicious content triggered by the Event Monitor Daemon (emond). Emond is a [Launch Daemon](https://attack.mitre.org/techniques/T1543/004) that accepts events from various services, runs them through a simple rules engine, and takes action. The emond binary at `/sbin/emond` will load any rules from the `/etc/emond.d/rules/` directory and take action once an explicitly defined event takes place. The rule f...
macOS
3 Detections
2 Sources
0 Threat Actors
BY SOURCE
elastic: 2, sigma: 1
PROCEDURES (3)
Service: 1 detection
Auto-extracted: 1 detection for service
File Monitoring: 1 detection
Auto-extracted: 1 detection for file monitoring
Service: 1 detection
Auto-extracted: 1 detection for service