Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Execution/ T1053.003

T1053.003Cron

T1053.003 — Cron is a MITRE ATT&CK technique in the Execution tactic. Clankerusecase tracks 14 detection use cases covering it and 4 threat-intel articles citing it.

ExecutionPersistencePrivilege Escalation
View on the matrix → Filter Detection Library MITRE official spec ↗
14Use cases
4Articles
0Sub-techniques
3Tactics
↑ Parent technique: T1053 · Scheduled Task/Job

Use cases covering this technique (14)

Cisco Isovalent - Cron Job Creation ESCU actions · hunting P Linux Add Files In Known Crontab Directories ESCU actions · hunting P Linux Adding Crontab Using List Parameter ESCU actions · hunting P Linux At Allow Config File Creation ESCU actions · hunting P Linux Auditd Edit Cron Table Parameter ESCU actions · hunting P Linux Auditd Possible Append Cronjob Entry On Existing Cronjob File ESCU actions · hunting P Linux Edit Cron Table Parameter ESCU actions · hunting P Linux Possible Append Cronjob Entry on Existing Cronjob File ESCU actions · hunting P Linux Possible Cronjob Modification With Editor ESCU actions · hunting P Cisco Secure Firewall - Wget or Curl Download ESCU actions · hunting P [LLM] Persistence written to user shell init or systemd user units from AUR build/install scriptlet Bespoke install · hunting DSΣPDDCS [LLM] DbGate Zip Slip (CVE-2026-47669): node process writes outside archive dir to OS-sensitive paths Bespoke install · alerting DSΣPDDCS [LLM] Cron/persistence file written on Kubernetes worker node from container runtime context Bespoke install · alerting DSΣPDDCS [LLM] Shai-Hulud bundle.js dropped on disk (SHA256 + filename hunt) Bespoke install · hunting DSΣPDD

Articles citing this technique (4)

crit 400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security art-14
crit [GHSA / CRITICAL] CVE-2026-47669: DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE art-119
crit [GHSA / CRITICAL] CVE-2026-44180: Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass art-135
crit Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages art-690