TA0003ATT&CK 14.1

TA0003Persistence

Description

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

Techniques in this tactic· 21

T1037

Boot or Logon Initialization Scripts

T1053

Scheduled Task/Job

T1078

T1098

Account Manipulation

T1133

External Remote Services

T1136

T1137

Office Application Startup

T1176

Browser Extensions

T1197

T1205

Traffic Signaling

T1504

PowerShell Profile

T1505

Server Software Component

T1519

T1525

Implant Internal Image

T1542

T1543

Create or Modify System Process

T1546

Event Triggered Execution

T1547

Boot or Logon Autostart Execution

T1554

Compromise Client Software Binary

T1556

Modify Authentication Process

T1574

Hijack Execution Flow

Sub-techniques in this tactic· 98

T1037.001 T1037.002 T1037.003 T1037.004 T1037.005 T1053.001 T1053.002 T1053.003 T1053.004 T1053.005 T1053.006 T1053.007 T1078.001 T1078.002 T1078.003 T1078.004 T1098.001 T1098.002 T1098.003 T1098.004 T1098.005 T1098.006 T1136.001 T1136.002 T1136.003 T1137.001 T1137.002 T1137.003 T1137.004 T1137.005 T1137.006 T1205.001 T1205.002 T1505.001 T1505.002 T1505.003 T1505.004 T1505.005 T1542.001 T1542.002+58 more

References

https://attack.mitre.org/tactics/TA0003

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Boot or Logon Initialization Scripts

Privilege Escalation

Clear Persistence

Boot or Logon Autostart Execution

Command and Control

Defense Evasion

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, Founder at SQUR.