Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A process executed a command and/or accessed a file that can be used to detect VM environments.
Attacker's Goals
Avoid malware analysis by identifying execution from within sandboxes and virtual machines.
Investigative actions
- Review the process for additional malicious actions.
- Check for any additional alerts raised within the same context of the script.
Variations
- VM Detection attempt on Linux with further reconnaissance commands
- VM Detection attempt on Linux using an unpopular technique