Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Persistence/ T1543.001

T1543.001Launch Agent

T1543.001 — Launch Agent is a MITRE ATT&CK technique in the Persistence tactic. Clankerusecase tracks 12 detection use cases covering it and 9 threat-intel articles citing it.

PersistencePrivilege Escalation
View on the matrix → Filter Detection Library MITRE official spec ↗
12Use cases
9Articles
0Sub-techniques
2Tactics
↑ Parent technique: T1543 · Create or Modify System Process

Use cases covering this technique (12)

Suspicious PlistBuddy Usage ESCU actions · alerting P Suspicious PlistBuddy Usage via OSquery ESCU actions · alerting P Article-specific behavioural hunt — Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blo Bespoke exploit · hunting DSP Article-specific behavioural hunt — Nx Console VS Code Extension Compromised Bespoke exploit · hunting DSP [LLM] macOS LaunchAgent Persistence — com.user.kitty-monitor.plist (Nx Console Compromise) Bespoke install · alerting DSΣPDDCS [LLM] Mini Shai-Hulud 'gh-token-monitor' persistence daemon (LaunchAgent / systemd) Bespoke install · alerting DSΣPDDCS [LLM] macOS LaunchAgent/LaunchDaemon plist persistence pointing at Python interpreter Bespoke install · hunting DSΣPDDCS [LLM] macOS Python backdoor persistence via kitty-monitor LaunchAgent and cat.py drop Bespoke install · alerting DSΣPDDCS Article-specific behavioural hunt — Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Bespoke exploit · hunting DSP Article-specific behavioural hunt — TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromi Bespoke exploit · hunting DSP Article-specific behavioural hunt — TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack Bespoke exploit · hunting DSP Article-specific behavioural hunt — Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, ma Bespoke exploit · hunting DSP

Articles citing this technique (9)

high Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter art-78
high Nx Console VS Code Extension Compromised art-146
high Why developer machines are now the number one target for supply chain attacks art-208
crit 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough art-230
crit The Wild West of VS Code extensions and how a poisoned extension breached GitHub art-236
crit Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account art-270
crit TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages art-312
crit TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack art-318
high Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor art-412