T1569.003
Systemctl
SUB-TECHNIQUE Execution
Description
Adversaries may abuse systemctl to execute commands or programs. Systemctl is the primary interface for systemd, the Linux init system and service manager. Typically invoked from a shell, systemctl can also be integrated into scripts or applications.

Adversaries may use systemctl to execute commands or programs as [Systemd Services](https://attack.mitre.org/techniques/T1543/002). Common subcommands include: `systemctl start`, `systemctl stop`, `systemctl enable`, `systemctl disable`, and `systemctl status`. (Citation: Red Hat Systemctl 2022)
Platforms
Linux
Mitigations
- M1018 — User Account Management
Our coverage
- PRC State-Sponsored Telecom Router Compromise Detection: CISA AA25-239a Breakdown
- CVE-2024-57727 SimpleHelp RMM: Patch Verification and Detection Checklist
- System Hacking using Metasploit
Source: MITRE ATT&CK Enterprise matrix.