Cmd Querying For Virtualization Software

Rule Info

Name
Cmd Querying For Virtualization Software
Author
Jonathan Peters (Nextron Systems)
Description
Detects commandline querying for virtualization software, which may indicate an attempt to detect virtual environments as part of evasion techniques used by malware.
Reference
https://app.any.run/tasks/dc8ba6e2-8cb7-448f-a241-d63167e66041
Date
2025-03-11 00:00:00
Modified
None
Id
43db4a0a-548c-4c49-a20f-c9630942d4ab
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022