Show in Graph
Common Information
Type Value
Value 
Process Discovery - T1057
Category Attack-Pattern
Type Mitre-Enterprise-Attack-Attack-Pattern
Misp Type Cluster
Description Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. ===Windows=== An example command that would obtain details on processes is "tasklist" using the Tasklist utility. ===Mac and Linux=== In Mac and Linux, this is accomplished with the <code>ps</code> command. Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Normal, benign system and network events that look like process discovery may be uncommon, depending on the environment and how they are used. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. Platforms: Linux, macOS, Windows Data Sources: Process command-line parameters, Process monitoring Permissions Required: User, Administrator, SYSTEM System Requirements: Administrator, SYSTEM may provide better process ownership details
Details Published Attributes CTI Title
Details Website 2024-09-17 0 10 Types of Cyberattacks Targeting Organizations Now
Details Website 2024-09-08 114 深入剖析针对中国用户的攻击活动(判断为Hvv样本被捕获了,红队速来认领) | CTF导航
Details Website 2024-09-04 71 AZORult Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Details Website 2024-08-30 97 From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users
Details Website 2024-08-20 11 RansomHub Ransomware – Everything You Need to Know | Red Piranha
Details Website 2024-08-19 20 PG_MEM: A Malware Hidden in the Postgres Processes
Details Website 2024-08-10 89 Sidewinder APT – 针对巴基斯坦的网络钓鱼 | CTF导航
Details Website 2024-07-29 20 Attackers (Crowd)Strike with Infostealer Malware - Perception Point
Details Website 2024-07-26 22 RansomHub Ransomware – New Infection Chains Unveiled
Details Website 2024-07-25 59 How APT groups operate in Southeast Asia
Details Website 2024-07-05 12 Turning Jenkins Into a Cryptomining Machine From an Attackers Perspective
Details Website 2024-06-28 41 Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
Details Website 2024-06-26 76 Threat Analysis Insight: RisePro Information Stealer
Details Website 2024-06-20 114 深入剖析针对中国用户的攻击活动(判断为Hvv样本被捕获了,红队速来认领)
Details Website 2024-06-10 86 Technical Analysis of the Latest Variant of ValleyRAT
Details Website 2024-06-04 43 UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine's Ministry Of Defence - Cyble
Details Website 2024-05-22 48 Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Details Website 2024-05-16 23 Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
Details Website 2024-05-16 73 Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID — Elastic Security Labs
Details Website 2024-05-15 45 To the Moon and back(doors): Lunar landing in diplomatic missions
Details Website 2024-05-06 27 HijackLoader Updates
Details Website 2024-04-25 30 Uncorking Old Wine: Zero-Day from 2017 + Cobalt Strike Loader in Unholy Alliance
Details Website 2024-04-17 26 Threat Group FIN7 Targets the U.S. Automotive Industry
Details Website 2024-04-11 94 Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming | Recorded Future
Details Website 2024-04-11 24 Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear