EXPLORE
Sign In
← Back to Explore
T1053.006

Systemd Timers

Adversaries may abuse systemd timers to perform task scheduling for initial or recurring execution of malicious code. Systemd timers are unit files with file extension <code>.timer</code> that control services. Timers can be set to run on a calendar event or after a time span relative to a starting point. They can be used as an alternative to [Cron](https://attack.mitre.org/techniques/T1053/003) in Linux environments.(Citation: archlinux Systemd Timers Aug 2020) Systemd timers may be activated r...

Linux
6
Detections
2
Sources
0
Threat Actors

BY SOURCE

4splunk_escu2elastic

PROCEDURES (3)

Service2 detections

Auto-extracted: 2 detections for service

Service2 detections

Auto-extracted: 2 detections for service

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

DETECTIONS (6)

Linux Auditd Service Restarted
splunk_escu
Linux Service File Created In Systemd Directory
splunk_escu
Linux Service Restarted
splunk_escu
Linux Service Started Or Enabled
splunk_escu
Modification of Persistence Relevant Files Detected via Defend for Containers
elasticlow
Systemd Timer Created
elasticlow