Home/ MITRE Matrix/ Impact/ T1529

T1529System Shutdown/Reboot

T1529 — System Shutdown/Reboot is a MITRE ATT&CK technique in the Impact tactic. Clankerusecase tracks 10 detection use cases covering it and 3 threat-intel articles citing it.

Impact

View on the matrix → Filter Detection Library MITRE official spec ↗

10Use cases

3Articles

0Sub-techniques

1Tactic

Use cases covering this technique (10)

ESXi Bulk VM Termination ESCU actions · alerting P Microsoft Intune Manual Device Management ESCU actions · hunting P Linux Magic SysRq Key Abuse ESCU actions · alerting P Linux System Reboot Via System Request Key ESCU actions · alerting P Windows Common Abused Cmd Shell Risk Behavior ESCU actions · alerting P Windows System LogOff Commandline ESCU actions · hunting P Windows System Reboot CommandLine ESCU actions · hunting P Windows System Shutdown CommandLine ESCU actions · hunting P [LLM] Host-root mount wiper: chroot /mnt/host reboot -f or rm -rf / --no-preserve-root Bespoke actions · alerting DSΣPDDCS [LLM] s1ngularity nx: node modifies ~/.bashrc or ~/.zshrc to inject `sudo shutdown -h 0` Bespoke install · alerting DSΣPDD

Articles citing this technique (3)

high CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran art-444

crit DynoWiper update: Technical analysis and attribution art-590

crit s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware art-778