Common Information

Type | Value
---|---
Value | Windows Management Instrumentation - T1047
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster

Description

Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. Local and remote access both go through the WMI service; remote access additionally relies on Server Message Block (SMB) (Citation: Wikipedia SMB) and the Remote Procedure Call service (RPCS) (Citation: TechNet RPC). RPCS listens on TCP port 135, the RPC endpoint mapper, and the DCOM session is then carried on a dynamically assigned high port, so a firewall rule or network signature that covers port 135 alone does not cover the WMI session itself. (Citation: MSDN WMI)

An adversary can use WMI to interact with local and remote systems and use it as a means to perform many tactic functions, such as gathering information for Discovery and remote Execution of files as part of Lateral Movement. (Citation: FireEye WMI 2015)

Detection: Monitor network traffic for WMI connections; the use of WMI in environments that do not typically use WMI may be suspect. Perform process monitoring to capture command-line arguments of "wmic" and detect commands that are used to perform remote behavior, such as the /node: switch combined with process call create. (Citation: FireEye WMI 2015) Because wmic is deprecated in current Windows releases, apply the same monitoring to PowerShell's Get-WmiObject, Invoke-WmiMethod and the CIM cmdlets used with -ComputerName, and on the target host watch for cmd.exe, powershell.exe or other script hosts spawned as children of WmiPrvSE.exe, which is how a remote Win32_Process Create call surfaces. WMI driven over WinRM (TCP 5985/5986) never touches port 135, so network detection needs to cover that path separately.

Platforms: Windows

Data Sources: Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring

Permissions Required: User, Administrator

System Requirements: WMI service, winmgmt, running. Host/network firewalls allowing SMB and WMI ports from source to destination. SMB authentication.

Remote Support: Yes
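The two detection approaches the description prescribes, process command-line monitoring and network flow monitoring, as an added worked example that is not part of the MITRE or MISP entry. The process events and flow records are constructed samples shaped loosely like Sysmon Event ID 1 and netflow output; the rule names, field names and the five-second correlation window are assumptions chosen for this example.

```python
"""Detection logic for T1047 (WMI) run over constructed sample telemetry.

Check 1: process command lines that drive WMI against a remote host
        (wmic /node:, PowerShell WMI/CIM cmdlets with -ComputerName) and the
        target-side tell-tale of WmiPrvSE.exe spawning a shell or script host.
Check 2: flow records where the RPC endpoint mapper (TCP 135) is followed by a
        connection to a dynamic high port on the same destination, the pattern
        a DCOM/WMI session leaves behind (port 135 alone is not the session).
"""
import re
from collections import defaultdict

# Constructed sample process-creation events (not real telemetry).
PROCESS_EVENTS = [
    {"host": "WS01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'wmic /node:FS01 /user:corp\svc_backup process call create "cmd.exe /c whoami > \\FS01\c$\out.txt"'},
    {"host": "WS01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "wmic os get caption,version"},              # local, benign
    {"host": "WS02", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -nop -c \"Invoke-WmiMethod -ComputerName DC01 -Class Win32_Process -Name Create -ArgumentList 'cmd.exe /c whoami'\""},
    {"host": "FS01", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",     # what the target sees
     "cmdline": r"cmd.exe /c whoami > \\FS01\c$\out.txt"},
    {"host": "WS03", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -c \"Get-CimInstance Win32_OperatingSystem\""},  # local, benign
]

# Constructed sample flows: (src, dst, dst_port, timestamp_seconds).
FLOWS = [
    ("10.0.1.15", "10.0.2.40", 135, 100.0),    # endpoint mapper ...
    ("10.0.1.15", "10.0.2.40", 445, 100.1),    # SMB alongside, as the description notes
    ("10.0.1.15", "10.0.2.40", 49671, 100.2),  # ... then the dynamic DCOM port
    ("10.0.1.20", "10.0.2.40", 135, 200.0),    # mapper only: probe or failed bind
    ("10.0.1.30", "10.0.2.41", 49158, 300.0),  # high port with no prior 135: not DCOM evidence
]

REMOTE_NODE = re.compile(r"(?i)/node:")
WMIC_PROCESS_CREATE = re.compile(r"(?i)\bprocess\s+call\s+create\b")
PS_REMOTE_WMI = re.compile(
    r"(?i)(Invoke-(Wmi|Cim)Method|Get-WmiObject|Get-CimInstance|Set-WmiInstance)\b.*-ComputerName\b")
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
                  "mshta.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}
DYNAMIC_PORTS = range(49152, 65536)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify_process_event(ev):
    """Return the list of rule names a single process-creation event triggers."""
    hits = []
    image, parent, cmd = basename(ev["image"]), basename(ev["parent"]), ev["cmdline"]
    if image == "wmic.exe" and REMOTE_NODE.search(cmd):
        hits.append("remote_wmic")
        if WMIC_PROCESS_CREATE.search(cmd):
            hits.append("remote_wmic_process_create")
    if PS_REMOTE_WMI.search(cmd):
        hits.append("remote_powershell_wmi")
    if parent == "wmiprvse.exe" and image in SHELL_CHILDREN:
        hits.append("wmiprvse_spawned_shell")
    return hits


def scan_process_events(events):
    """(host, rules) for every event that triggered at least one rule."""
    return [(ev["host"], hits) for ev in events if (hits := classify_process_event(ev))]


def find_dcom_sessions(flows, window=5.0):
    """(src, dst) pairs where TCP 135 is followed within `window` seconds by a
    dynamic high port to the same destination. This is the DCOM pattern, not
    WMI specifically, and WMI over WinRM (5985/5986) will not match it."""
    by_pair = defaultdict(list)
    for src, dst, port, ts in flows:
        by_pair[(src, dst)].append((ts, port))
    sessions = []
    for pair, recs in by_pair.items():
        recs.sort()
        mapper_times = [ts for ts, port in recs if port == 135]
        if any(port in DYNAMIC_PORTS and any(0 <= ts - t <= window for t in mapper_times)
               for ts, port in recs):
            sessions.append(pair)
    return sessions


if __name__ == "__main__":
    for host, rules in scan_process_events(PROCESS_EVENTS):
        print(f"{host}: {', '.join(rules)}")
    for src, dst in find_dcom_sessions(FLOWS):
        print(f"probable DCOM/WMI session {src} -> {dst}")
```

The source-side rules catch the operator's command line; the WmiPrvSE.exe child rule is the one that still fires when the source host is unmanaged, because it runs on the target. The flow check is corroboration rather than proof: any DCOM client produces the same 135-then-high-port pair, so pair it with the process telemetry before treating it as lateral movement.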
Type | Published | Attributes | Title
---|---|---|---
Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Website | 2024-11-14 | 0 | Decryption tool for the new "ShrinkLocker" ransomware recovers BitLocker passwords - PRSOL:CC
Website | 2024-11-13 | 0 | New ShrinkLocker ransomware decryptor recovers BitLocker password
Website | 2024-11-11 | 0 | The Threat of Lateral Movement: Are you Covered? \| Red Piranha
Website | 2024-11-10 | 1 | Understanding Common Windows Commands and How Threat Actors Use Them:
Website | 2024-11-08 | 0 | Interlock Ransomware: The New Weapon of Mass Digital Destruction
Website | 2024-11-08 | 7 | Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources
Website | 2024-11-07 | 0 | Using Human Risk Management to Detect and Thwart Cyberattacks - Cybersecurity Insiders
Website | 2024-11-07 | 105 | Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
Website | 2024-11-07 | 19 | CrowdStrike's work with the Democratic National Committee: Setting the record straight
Website | 2024-11-04 | 102 | Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Website | 2024-11-04 | 102 | Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research
Website | 2024-11-04 | 2 | When Good Tools Do Bad Things: The Rising Threat of 'Living Off the Land' Cybersecurity Attacks
Website | 2024-11-03 | 35 | Threat Actor - Cl0P
Website | 2024-11-03 | 4 | Petya ransomware outbreak: Here's what you need to know \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Website | 2024-11-03 | 0 | How Cyber Criminals Are Evading Antivirus Software
Website | 2024-11-01 | 62 | Weekly Intelligence Report - 01 Nov 2024 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Website | 2024-10-31 | 17 | Building a Robust Windows Service for Malware and Ransomware Protection
Website | 2024-10-30 | 7 | 5 Critical Threat Actors You Need to Know About - ReliaQuest
Website | 2024-10-24 | 0 | The Rise of Chinese APT Campaigns: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant
Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021
Website | 2024-10-21 | 52 | Akira ransomware continues to evolve
Website | 2024-10-21 | 3 | Beast Ransomware Attacking Windows, Linux, And ESXi Systems \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Website | 2024-10-18 | 2 | Analyzing a Multi-Stage Malware Attack Targeting Digital Marketing Professionals