← Back to Explore
T1564.006
Run Virtual Instance
Adversaries may carry out malicious operations using a virtual instance to avoid detection. A wide variety of virtualization technologies exist that allow for the emulation of a computer or computing environment. By running malicious code inside of a virtual instance, adversaries can hide artifacts associated with their behavior from security tools that are unable to monitor activity inside the virtual instance.(Citation: CyberCX Akira Ransomware) Additionally, depending on the virtual networkin...
LinuxmacOSWindowsESXi
4
Detections
3
Sources
0
Threat Actors
BY SOURCE
2sigma1elastic1splunk_escu
PROCEDURES (4)
Script Execution Monitoring1 detections
Auto-extracted: 1 detections for script execution monitoring
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring
Network Connection Monitoring1 detections
Auto-extracted: 1 detections for network connection monitoring