T1547.009 Shortcut Modification Mappings

Adversaries may create or edit shortcuts to run a program during system boot or user login. Shortcuts or symbolic links are ways of referencing other files or programs that will be opened or executed when the shortcut is clicked or executed by a system startup process.

Adversaries could use shortcuts to execute their tools for persistence. They may create a new shortcut as a means of indirection that may use Masquerading to look like a legitimate program. Adversaries could also edit the target path or entirely replace an existing shortcut so their tools will be executed instead of the intended legitimate program.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-2 Account Management Protects T1547.009 Shortcut Modification
AC-3 Access Enforcement Protects T1547.009 Shortcut Modification
AC-5 Separation of Duties Protects T1547.009 Shortcut Modification
AC-6 Least Privilege Protects T1547.009 Shortcut Modification
CM-5 Access Restrictions for Change Protects T1547.009 Shortcut Modification
IA-2 Identification and Authentication (organizational Users) Protects T1547.009 Shortcut Modification
azure_sentinel Azure Sentinel technique_scores T1547.009 Shortcut Modification
file_integrity_monitoring File Integrity Monitoring technique_scores T1547.009 Shortcut Modification