ID	B0047
Objective(s)	Defense Evasion, Persistence
Related ATT&CK Techniques	None
Version	3.0
Created	13 December 2019
Last Modified	4 March 2023

Install Insecure or Malicious Configuration

Malware may install malicious configuration settings or may modify existing configuration settings. For example, malware may change configuration settings associated with security mechanisms to make it difficult to detect or change configuration settings to maintain a foothold on the network.

Use in Malware

Name	Date	Method	Description
Black Energy	2007	--	Malware configures the system to the TESTSIGNING boot configuration option to load its unsigned driver component. [1]
YiSpecter	2015	--	The malware changes iOS Safari's default configuration. [2]

References

[1] https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf

[2] https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

install-insecure-or-malicious-configuration.md

install-insecure-or-malicious-configuration.md

Install Insecure or Malicious Configuration

Use in Malware

References

Files

install-insecure-or-malicious-configuration.md

Latest commit

History

install-insecure-or-malicious-configuration.md

File metadata and controls

Install Insecure or Malicious Configuration

Use in Malware

References