MITRE ATT&CK T1633.001 — System Checks

What it does

This skill provides structured, defensive guidance for the MITRE ATT&CK sub-technique T1633.001 (System Checks) in the mobile matrix. It helps analysts map observed behaviors to ATT&CK, prioritize telemetry, produce detection logic, and plan safe emulation or validation in controlled environments.

When to use it

Use when you need to: triage mobile telemetry for defense-evasion behaviors, design detections for environment or virtualization checks, plan threat-hunting or incident-response playbooks related to system checks, or create controlled adversary-emulation scenarios. Ideal for Android/iOS investigations or detection engineering tasks.

What's included

• Scripts: renders and helper scripts are present (scripts/render_brief.py) to produce Markdown briefs.
• References: bundled technique profile, detection-and-mitigation notes, known-threat context, templates for briefs and hunt plans.
• Instructions: the SKILL.md contains a clear agent workflow (scope clarification, mapping to ATT&CK, producing defensive outputs, and safety constraints).

Compatible agents

Best used by agents with access to knowledge and document rendering tools (code-capable assistants that can run Python helpers), detection-engineering workflows, and those that can present structured Markdown outputs (e.g., Claude Code, copilot-style agents, or custom automation that can run the included scripts).