File and Directory Permissions Modification

Adversaries may modify file or directory permissions to evade defenses.

Modifies Watchdog functionality

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Creates/modifies environment variables

Creating/modifying environment variables is a common persistence mechanism.

Modifies init.d

Adds/modifies system service, likely for persistence.

Modifies rc script

Adding/modifying system rc scripts is a common persistence mechanism.

Modifies systemd

Adds/ modifies systemd service files. Likely to achieve persistence.

Modifies Bash startup script