References

| Type | URL | Description |
| --- | --- | --- |
| technique | https://www.freedesktop.org/wiki/Software/systemd/ | Freedesktop.org. (2018, September 29). systemd System and Service Manager. Retrieved April 23, 2019. |
| technique | http://man7.org/linux/man-pages/man1/systemd.1.html | Linux man-pages. (2014, January). systemd(1) - Linux manual page. Retrieved April 23, 2019. |
| technique | https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence | Rapid7. (2016, June 22). Service Persistence. Retrieved April 23, 2019. |
| technique | https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html | Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019. |
| technique | https://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a | Catalin Cimpanu. (2018, July 10). ~x file downloaded in public Arch package compromise. Retrieved April 23, 2019. |
| technique | https://attack.mitre.org/techniques/T1501 | |
| technique | https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg | Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. Retrieved August 8, 2019. |
| technique | https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-varian | Carbon Black Threat Analysis Unit. (2019, February 12). New macOS Malware Variant of Shlayer (OSX) Discovered. Retrieved August 8, 2019. |
| technique | https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8 | Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. Retrieved August 8, 2019. |
| technique | https://objective-see.com/blog/blog_0x2A.html | Patrick Wardle. (2018, February 17). Tearing Apart the Undetected (OSX)Coldroot RAT. Retrieved August 8, 2019. |