Skip to content

Hide Navigation Hide TOC

Disable Or Stop Services (de25eeb8-3655-4643-ac3a-b662d3f26b6b)

Detects the usage of utilities such as 'systemctl', 'service'...etc to stop or disable tools and services on Linux systems. Attackers may stop or disable security tools and services to evade detection, maintain persistence, or disrupt system operations.

Cluster A Galaxy A Cluster B Galaxy B Level
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Disable Or Stop Services (de25eeb8-3655-4643-ac3a-b662d3f26b6b) Sigma-Rules 1
Disable Or Stop Services (de25eeb8-3655-4643-ac3a-b662d3f26b6b) Sigma-Rules Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1