Skip to content

Hide Navigation Hide TOC

Startup Items (dfe8b941-4e54-4242-b674-6b613d521962)

Detects creation of startup item plist files that automatically get executed at boot initialization to establish persistence.

Cluster A Galaxy A Cluster B Galaxy B Level
Startup Items (dfe8b941-4e54-4242-b674-6b613d521962) Sigma-Rules Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 1
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 2