EXPLORE
← Back to Explore
T1554

Compromise Host Software Binary

Adversaries may modify host software binaries to establish persistent access to systems. Software binaries/executables provide a wide range of system commands or services, programs, and libraries. Common software binaries are SSH clients, FTP clients, email clients, web browsers, and many other user or server applications. Adversaries may establish persistence though modifications to host software binaries. For example, an adversary may replace or otherwise infect a legitimate application binar...

ESXiLinuxmacOSWindows
19
Detections
3
Sources
2
Threat Actors

BY SOURCE

10elastic5sigma4splunk_escu

PROCEDURES (12)

Service3 detections

Auto-extracted: 3 detections for service

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Privilege2 detections

Auto-extracted: 2 detections for privilege

Credential2 detections

Auto-extracted: 2 detections for credential

Masquerad1 detections

Auto-extracted: 1 detections for masquerad

Credential1 detections

Auto-extracted: 1 detections for credential

Inject1 detections

Auto-extracted: 1 detections for inject

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Unusual1 detections

Auto-extracted: 1 detections for unusual

Unusual1 detections

Auto-extracted: 1 detections for unusual

Unusual1 detections

Auto-extracted: 1 detections for unusual

Masquerad1 detections

Auto-extracted: 1 detections for masquerad

THREAT ACTORS (2)

DETECTIONS (19)