System Info Discovery via Sysinfo Syscall

Rule Info

Name: System Info Discovery via Sysinfo Syscall
Author: Milad Cheraghi
Description: Detects use of the sysinfo system call in Linux, which provides a snapshot of key system statistics such as uptime, load averages, memory usage, and the number of running processes. Malware or reconnaissance tools might leverage sysinfo to fingerprint the system, gathering data to determine if it's a viable target.
Date: 2025-05-30 00:00:00
Modified: None
Id: b207d563-a1d9-4275-b349-77d1eb55aa6d
Tags: attack.discovery attack.t1057 attack.t1082
Type: Community Rule

Rule History

Author: Milad Cheraghi
Title: Merge PR #5444 from @CheraghiMilad - Discovery System Info via Sysinfo Syscall
Date: 2025-06-05
Commit: