File and Directory Permissions Modification

Adversaries may modify file or directory permissions to evade defenses.

Modifies Watchdog functionality

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Creates/modifies Cron job

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Creates/modifies environment variables

Creating/modifying environment variables is a common persistence mechanism.

Enumerates active TCP sockets

Gets active TCP sockets from /proc virtual filesystem.

Modifies systemd

Adds/ modifies systemd service files. Likely to achieve persistence.

Modifies Bash startup script