System Information Discovery Using Ioreg (2d5e7a8b-f484-4a24-945d-7f0efd52eab0)
Detects the use of "ioreg" which will show I/O Kit registry information. This process is used for system information discovery. It has been observed in-the-wild by calling this process directly or using bash and grep to look for specific strings.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery Using Ioreg (2d5e7a8b-f484-4a24-945d-7f0efd52eab0) | Sigma-Rules | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |