T1037.003 Network Logon Script Mappings

Adversaries may use network logon scripts automatically executed at logon initialization to establish persistence. Network logon scripts can be assigned using Active Directory or Group Policy Objects.(Citation: Petri Logon Script AD) These logon scripts run with the privileges of the user they are assigned to. Depending on the systems within the network, initializing one of these scripts could apply to more than one or potentially all systems.

Adversaries may use these scripts to maintain persistence on a network. Depending on the access configuration of the logon scripts, either local credentials or an administrator account may be necessary.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-3 Access Enforcement Protects T1037.003 Network Logon Script
CA-7 Continuous Monitoring Protects T1037.003 Network Logon Script
CM-2 Baseline Configuration Protects T1037.003 Network Logon Script
CM-6 Configuration Settings Protects T1037.003 Network Logon Script
SI-3 Malicious Code Protection Protects T1037.003 Network Logon Script
SI-4 System Monitoring Protects T1037.003 Network Logon Script
SI-7 Software, Firmware, and Information Integrity Protects T1037.003 Network Logon Script
attribute.integrity.variety.Modify configuration Modified configuration or services related-to T1037.003 Boot or Logon Initialization Scripts: Network Logon Script