Details
-
Type:
Task
-
Status: To Do
-
Priority:
Medium
-
Resolution: Unresolved
-
Labels:None
-
datasources:Process command-line parameters, Process monitoring, File monitoring
-
id:T1023
-
tactic:persistence
-
maturity:Not Tracked
Description
Shortcuts or symbolic links are ways of referencing other files or programs that will be opened or executed when the shortcut is clicked or executed by a system startup process. Adversaries could use shortcuts to execute their tools for persistence. They may create a new shortcut as a means of indirection that may use [Masquerading](https://attack.mitre.org/techniques/T1036) to look like a legitimate program. Adversaries could also edit the target path or entirely replace an existing shortcut so their tools will be executed instead of the intended legitimate program.
