T1053.001 At (Linux) Mappings

Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code. The at command within Linux operating systems enables administrators to schedule tasks.(Citation: Kifarunix - Task Scheduling in Linux)

An adversary may use at in Linux environments to execute programs at system startup or on a scheduled basis for persistence. at can also be abused to conduct remote Execution as part of Lateral Movement and or to run a process under the context of a specified account.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-2 Account Management Protects T1053.001 At (Linux)
AC-3 Access Enforcement Protects T1053.001 At (Linux)
AC-5 Separation of Duties Protects T1053.001 At (Linux)
AC-6 Least Privilege Protects T1053.001 At (Linux)
CA-8 Penetration Testing Protects T1053.001 At (Linux)
CM-5 Access Restrictions for Change Protects T1053.001 At (Linux)
IA-2 Identification and Authentication (organizational Users) Protects T1053.001 At (Linux)
RA-5 Vulnerability Monitoring and Scanning Protects T1053.001 At (Linux)
SI-4 System Monitoring Protects T1053.001 At (Linux)
action.hacking.variety.Abuse of functionality Abuse of functionality related-to T1053.001 Scheduled Task/Job: At (Linux)
amazon_inspector Amazon Inspector technique_scores T1053.001 At (Linux)