{'created': '2023-08-24T17:23:34.470Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may evade defensive mechanisms by executing '
                'commands that hide from process interrupt signals. Many '
                'operating systems use signals to deliver messages to control '
                'process behavior. Command interpreters often include specific '
                'commands/flags that ignore errors and other hangups, such as '
                'when the user of the active session logs off.(Citation: Linux '
                'Signal Man)  These interrupt signals may also be used by '
                'defensive tools and/or analysts to pause or terminate '
                'specified running processes. \n'
                '\n'
                'Adversaries may invoke processes using `nohup`, '
                '[PowerShell](https://attack.mitre.org/techniques/T1059/001) '
                '`-ErrorAction SilentlyContinue`, or similar commands that may '
                'be immune to hangups.(Citation: nohup Linux Man)(Citation: '
                'Microsoft PowerShell SilentlyContinue) This may enable '
                'malicious commands and malware to continue execution through '
                'system events that would otherwise terminate its execution, '
                'such as users logging off or the termination of its C2 '
                'network connection.\n'
                '\n'
                'Hiding from process interrupt signals may allow malware to '
                'continue execution, but unlike '
                '[Trap](https://attack.mitre.org/techniques/T1546/005) this '
                'does not establish '
                '[Persistence](https://attack.mitre.org/tactics/TA0003) since '
                'the process will not be re-invoked once actually terminated.',
 'external_references': [{'external_id': 'T1564.011',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1564/011'},
                         {'description': 'Linux man-pages. (2023, April 3). '
                                         'signal(7). Retrieved August 30, '
                                         '2023.',
                          'source_name': 'Linux Signal Man',
                          'url': 'https://man7.org/linux/man-pages/man7/signal.7.html'},
                         {'description': 'Meyering, J. (n.d.). nohup(1). '
                                         'Retrieved August 30, 2023.',
                          'source_name': 'nohup Linux Man',
                          'url': 'https://linux.die.net/man/1/nohup'},
                         {'description': 'Microsoft. (2023, March 2). '
                                         '$DebugPreference. Retrieved August '
                                         '30, 2023.',
                          'source_name': 'Microsoft PowerShell '
                                         'SilentlyContinue',
                          'url': 'https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_preference_variables?view=powershell-7.3#debugpreference'}],
 'id': 'attack-pattern--4a2975db-414e-4c0c-bd92-775987514b4b',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'defense-evasion'}],
 'modified': '2025-04-15T22:41:11.807Z',
 'name': 'Ignore Process Interrupts',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Viren Chaudhari, Qualys'],
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Linux', 'macOS', 'Windows'],
 'x_mitre_version': '1.0'}