System Information Discovery Via Sysctl - MacOS (6ff08e55-ea53-4f27-94a1-eff92e6d9d5c)

Detects the execution of "sysctl" with specific arguments that have been used by threat actors and malware. These arguments return system hardware information, which is primarily used to detect and avoid virtualization and analysis environments.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | System Information Discovery Via Sysctl - MacOS (6ff08e55-ea53-4f27-94a1-eff92e6d9d5c) | Sigma-Rules | 1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | System Information Discovery Via Sysctl - MacOS (6ff08e55-ea53-4f27-94a1-eff92e6d9d5c) | Sigma-Rules | 1 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | 2 |