persist via GNOME autostart on Linux

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: persist via GNOME autostart on Linux
    namespace: persistence
    authors:
      - michael.hunhoff@mandiant.com
    scopes:
      static: function
      dynamic: thread
  features:
    - and:
      - os: linux
      - match: host-interaction/file-system/write
      - substring: "X-GNOME-Autostart-enabled=true"

last edited: 2023-11-24 10:35:00