System Information Discovery Using System_Profiler (4809c683-059b-4935-879d-36835986f8cf)

Detects the execution of "system_profiler" with specific "Data Types" that have been seen being used by threat actors and malware. The "system_profiler" tool provides system hardware and software configuration information, and is primarily used for system information discovery. However, "system_profiler" can also be used to determine whether virtualization software is running, for defense evasion purposes.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | System Information Discovery Using System_Profiler (4809c683-059b-4935-879d-36835986f8cf) | Sigma-Rules | 1 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | System Information Discovery Using System_Profiler (4809c683-059b-4935-879d-36835986f8cf) | Sigma-Rules | 1 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) | Attack Pattern | 2 |