| ID | OB0012 |
| Created | 1 August 2019 |
| Last Modified | 31 October 2022 |
Behaviors that enable malware to remain on a system regardless of system events, such as reboots.
- Bootkit F0013
- Component Firmware F0009
- Hide Artifacts E1564
- Hidden Files and Directories F0005
- Hijack Execution Flow E1574
- Install Insecure or Malicious Configuration B0047
- Kernel Modules and Extensions F0010
- Malicious Network Driver B0026
- Modify Existing Service F0011
- Modify Registry E1112
- Registry Run Keys / Startup Folder F0012
- Ingress Tool Transfer E1105
- Shutdown Event B0035