← Back to Explore
T1647
Plist File Modification
Adversaries may modify property list files (plist files) to enable other malicious activity, while also potentially evading and bypassing system defenses. macOS applications use plist files, such as the <code>info.plist</code> file, to store properties and configuration settings that inform the operating system how to handle the application at runtime. Plist files are structured metadata in key-value pairs formatted in XML based on Apple's Core Foundation DTD. Plist files can be saved in text or...
macOS
6
Detections
2
Sources
0
Threat Actors
BY SOURCE
5elastic1splunk_escu
PROCEDURES (4)
Persist3 detections
Auto-extracted: 3 detections for persist
Persist1 detections
Auto-extracted: 1 detections for persist
Script Execution Monitoring1 detections
Auto-extracted: 1 detections for script execution monitoring
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring
DETECTIONS (6)
Creation of Hidden Login Item via Apple Script
elasticmedium
MacOS plutil
splunk_escu
Modification of Safari Settings via Defaults Command
elasticmedium
Potential Persistence via Login Hook
elasticmedium
SoftwareUpdate Preferences Modification
elasticmedium
Suspicious Apple Mail Rule Plist Modification
elasticmedium