Common Information
Type | Value |
---|---|
Value | Process Discovery - T1057 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. Windows: An example command that would obtain details on processes is "tasklist" using the Tasklist utility. Mac and Linux: In Mac and Linux, this is accomplished with the `ps` command. Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Normal, benign system and network events that look like process discovery may be uncommon, depending on the environment and how they are used. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. Platforms: Linux, macOS, Windows. Data Sources: Process command-line parameters, Process monitoring. Permissions Required: User, Administrator, SYSTEM. System Requirements: Administrator, SYSTEM may provide better process ownership details. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-14 | 72 | Weekly Intelligence Report - 15 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-11-12 | 35 | Lock5 (Medusa Ransomware) | ||
Details | Website | 2024-11-11 | 39 | Kaspersky discovers new Ymir ransomware used together with RustyStealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-11-11 | 46 | Kaspersky Lab discovers new Ymir ransomware | ||
Details | Website | 2024-11-11 | 47 | Ymir: new stealthy ransomware in the wild | ||
Details | Website | 2024-11-11 | 47 | Kaspersky discovers new Ymir ransomware used together with RustyStealer | ||
Details | Website | 2024-11-07 | 63 | Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-11-07 | 7 | Mapping CTF Techniques to the MITRE ATT&CK Framework: TryHack3M: Bricks Heist | ||
Details | Website | 2024-11-04 | 27 | Jumpy Pisces Threat Intel | ||
Details | Website | 2024-11-03 | 54 | Coinminer - Malware Analysis | ||
Details | Website | 2024-11-01 | 62 | Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-10-30 | 154 | The Rat King: how the Android trojan CraxsRAT steals user data | F.A.C.C.T. Blog | ||
Details | Website | 2024-10-30 | 28 | Attacker Abuses Victim Resources to Reap Rewards from Titan Network | ||
Details | Website | 2024-10-28 | 28 | Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses — Elastic Security Labs | ||
Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | ||
Details | Website | 2024-10-18 | 44 | Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-10-18 | 18 | The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer - CYFIRMA | ||
Details | Website | 2024-10-15 | 62 | Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions | ||
Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
Details | Website | 2024-10-10 | 18 | Technical Analysis of DarkVision RAT | ||
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
Details | Website | 2024-10-04 | 34 | VILSA STEALER - CYFIRMA | ||
Details | Website | 2024-10-02 | 3 | Stopping Attacks Early: The Power of Endpoint Telemetry in Cybersecurity | ||
Details | Website | 2024-10-01 | 27 | Silent Intrusion: Unraveling The Sophisticated Attack Leveraging VS Code For Unauthorized Access - Cyble | ||
Details | Website | 2024-09-27 | 123 | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs |