Common Information
Type Value
Value
Process Discovery - T1057
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. ===Windows=== An example command that would obtain details on processes is "tasklist" using the Tasklist utility. ===Mac and Linux=== In Mac and Linux, this is accomplished with the <code>ps</code> command. Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Normal, benign system and network events that look like process discovery may be uncommon, depending on the environment and how they are used. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. Platforms: Linux, macOS, Windows Data Sources: Process command-line parameters, Process monitoring Permissions Required: User, Administrator, SYSTEM System Requirements: Administrator, SYSTEM may provide better process ownership details
Details Published Attributes CTI Title
Details Website 2024-11-12 35 Lock5 (Medusa Ransomware)
Details Website 2024-11-11 39 Kaspersky discovers new Ymir ransomware used together with RustyStealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-11-11 46 «Лаборатория Касперского» обнаружила новый шифровальщик Ymir
Details Website 2024-11-11 47 Ymir: new stealthy ransomware in the wild
Details Website 2024-11-11 47 Kaspersky discovers new Ymir ransomware used together with RustyStealer
Details Website 2024-11-07 63 Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-07 7 Mapping CTF Techniques to the MITRE ATT&CK Framework: TryHack3M: Bricks Heist
Details Website 2024-11-04 27 Jumpy Pisces Threat Intel
Details Website 2024-11-03 54 Coinminer - Malware Analysis
Details Website 2024-11-01 62 Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-10-30 154 Крысиный король: как Android-троян CraxsRAT ворует данные пользователей | Блог F.A.C.C.T.
Details Website 2024-10-30 28 Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Details Website 2024-10-28 28 Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses — Elastic Security Labs
Details Website 2024-10-23 44 Highlighting TA866/Asylum Ambuscade Activity Since 2021
Details Website 2024-10-18 44 Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-18 18 The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer - CYFIRMA
Details Website 2024-10-15 62 Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Details Website 2024-10-11 71 Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-10 18 Technical Analysis of DarkVision RAT
Details Website 2024-10-07 141 Mind the (air) gap: GoldenJackal gooses government guardrails
Details Website 2024-10-04 34 VILSA STEALER - CYFIRMA
Details Website 2024-10-02 3 Stopping Attacks Early: The Power of Endpoint Telemetry in Cybersecurity
Details Website 2024-10-01 27 Silent Intrusion: Unraveling The Sophisticated Attack Leveraging VS Code For Unauthorized Access - Cyble
Details Website 2024-09-27 123 Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs
Details Website 2024-09-17 0 10 Types of Cyberattacks Targeting Organizations Now