File and Directory Permissions Modification

Adversaries may modify file or directory permissions to evade defenses.

Executes dropped EXE

Creates/modifies Cron job

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Creates/modifies environment variables

Creating/modifying environment variables is a common persistence mechanism.

Enumerates running processes

Discovers information about currently running processes on the system

Modifies init.d

Adds/modifies system service, likely for persistence.

Modifies systemd

Adds/ modifies systemd service files. Likely to achieve persistence.

Write file to user bin folder

Modifies Bash startup script