System Information Discovery Via Sysctl - MacOS (6ff08e55-ea53-4f27-94a1-eff92e6d9d5c)

Detects the execution of "sysctl" with specific arguments that have been used by threat actors and malware. With these arguments, sysctl returns system hardware information, which is primarily used to detect and avoid virtualization and analysis environments.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | System Information Discovery Via Sysctl - MacOS (6ff08e55-ea53-4f27-94a1-eff92e6d9d5c) | Sigma-Rules | 1 |
| System Information Discovery Via Sysctl - MacOS (6ff08e55-ea53-4f27-94a1-eff92e6d9d5c) | Sigma-Rules | System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | 1 |
| Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | 2 |