Awesome Malware Persistence


Categories: Security Testing, Malware Analysis


Gathering Information on Malware Persistence

Gathering information related to malware persistence is crucial for understanding how malware maintains its presence on infected systems. This process involves identifying the various methods used by malware to achieve persistence, ensuring that it can continue to operate even after a system restart or user intervention.


This repository gathers various pieces of currently scattered information related to the detection, response, and log collection of malware persistence mechanisms.

Understanding Malware Persistence Mechanisms

This section examines a characteristic shared by many malware families: the ability to maintain persistence on a target host. Malware commonly described as "fileless" also persists on the target, but it does so not by dropping conventional files into the file system; instead it modifies system configuration, such as the Windows Registry or cron jobs. Regrettably, many blog posts about malware provide extensive lists of IP addresses and hash values, yet few emphasize the persistence mechanisms used in the attack. This matters because persistence mechanisms are typically more stable and harder for attackers to change than network infrastructure or file hashes. Detecting malware through its persistence mechanisms is therefore generally more effective than relying on frequently changing IP addresses or hashes. If you are looking for a general overview of persistence techniques along with links to useful resources, please refer to the overview of commonly and less commonly used persistence methods.