Threat Actors may establish persistence by executing malicious content triggered by an interrupt signal. The trapcommand allows programs and shells to specify commands that will be executed upon receiving interrupt signals. A common situation is a script allowing for graceful termination and handling of common keyboard interrupts like ctrl+c and ctrl+d.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.