T1546.016
Installer Packages
Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system. Installer packages can include scripts that run prior to installation as well as after installation is complete. Installer scripts may inherit elevated permissions when executed. Developers often use these scripts to prepare the environment for i...
Linux, Windows, macOS
9 Detections
1 Source
0 Threat Actors
BY SOURCE
elastic: 9
PROCEDURES (5)
Inject: 3 detections
Auto-extracted: 3 detections for inject
Parent Process: 2 detections
Auto-extracted: 2 detections for parent process
Suspicious: 2 detections
Auto-extracted: 2 detections for suspicious
Suspicious: 1 detection
Auto-extracted: 1 detection for suspicious
General Monitoring: 1 detection
Auto-extracted: 1 detection for general monitoring
DETECTIONS (9)
APT Package Manager Configuration File Creation (elastic, low)
DNF Package Manager Plugin File Creation (elastic, low)
DPKG Package Installed by Unusual Parent Process (elastic, low)
RPM Package Installed by Unusual Parent Process (elastic, low)
Suspicious APT Package Manager Execution (elastic, low)
Suspicious APT Package Manager Network Connection (elastic, medium)
Suspicious File Creation via Pkg Install Script (elastic, high)
Unusual DPKG Execution (elastic, medium)
Yum Package Manager Plugin File Creation (elastic, medium)