T1497.001
System Checks
Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversari...
Platforms: Linux, macOS, Windows
Detections: 6
Sources: 2
Threat Actors: 5
BY SOURCE
elastic: 3, sigma: 3
PROCEDURES (3)
General Monitoring (3 detections)
Auto-extracted: 3 detections for general monitoring
Process Creation Monitoring (2 detections)
Auto-extracted: 2 detections for process creation monitoring
Script Execution Monitoring (1 detection)
Auto-extracted: 1 detection for script execution monitoring
THREAT ACTORS (5)
DETECTIONS (6)
Powershell Detect Virtualization Environment (source: sigma, severity: medium)
Suspicious SIP Check by macOS Application (source: elastic, severity: medium)
System Information Discovery Using System_Profiler (source: sigma, severity: medium)
System Information Discovery Via Sysctl - MacOS (source: sigma, severity: medium)
Virtual Machine Fingerprinting (source: elastic, severity: high)
Virtual Machine Fingerprinting via Grep (source: elastic, severity: medium)