Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)
Adversaries may abuse systemctl to execute commands or programs. Systemctl is the primary interface for systemd, the Linux init system and service manager. Typically invoked from a shell, Systemctl can also be integrated into scripts or applications.
Adversaries may use systemctl to execute commands or programs as Systemd Services. Common subcommands include: systemctl start, systemctl stop, systemctl enable, systemctl disable, and systemctl status. (Citation: Red Hat Systemctl 2022)
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536) | Attack Pattern | System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) | Attack Pattern | 1 |