| ID | Name |
|---|---|
| ATAGS-T1064.001 | Launchctl |
| ATAGS-T1064.002 | Service Execution |
| ATAGS-T1064.003 | Systemctl |
Threat actors may abuse systemctl to execute commands or programs. Systemctl is the primary interface for systemd, the Linux init system and service manager. Typically invoked from a shell, Systemctl can also be integrated into scripts or applications.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.