Common Information

Value: Process Discovery - T1057
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
MISP Type: Cluster
Description:

Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network.

Windows: An example command that would obtain details on processes is "tasklist" using the Tasklist utility.

Mac and Linux: In Mac and Linux, this is accomplished with the "ps" command.

Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Normal, benign system and network events that look like process discovery may be uncommon, depending on the environment and how they are used.

Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.

Platforms: Linux, macOS, Windows
Data Sources: Process command-line parameters, Process monitoring
Permissions Required: User, Administrator, SYSTEM
System Requirements: Administrator, SYSTEM may provide better process ownership details
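As an added example (not part of the MISP record or of ATT&CK), the detection guidance above applied to a handful of constructed process-creation events: each command line is matched against the discovery commands the description names (tasklist, WMI and PowerShell process queries, ps), and hits are then grouped per host and user so that discovery is triaged as part of a chain of behaviour rather than as isolated events. The event shape, hostnames and paths are assumptions.

```python
import re
from dataclasses import dataclass

# Event shape is an assumption modelled on Sysmon Event ID 1 style telemetry
# (parent image plus full command line); it is not a real schema.
@dataclass
class ProcEvent:
    host: str
    user: str
    parent_image: str
    command_line: str

# (label, regex) pairs for the discovery commands named in the description:
# tasklist, WMI/PowerShell process queries on Windows, ps on macOS/Linux.
DISCOVERY_PATTERNS = [
    ("tasklist", re.compile(r"(^|[\\/\s])tasklist(\.exe)?\b", re.I)),
    ("wmic process", re.compile(r"\bwmic(\.exe)?\s+process\b", re.I)),
    ("powershell process query", re.compile(r"\bget-process\b|\bwin32_process\b", re.I)),
    ("ps", re.compile(r"(^|[/\s])ps(\s|$)", re.I)),
]

def classify(event: ProcEvent):
    """Return the discovery label matching the command line, or None."""
    for label, pattern in DISCOVERY_PATTERNS:
        if pattern.search(event.command_line):
            return label
    return None

def triage(events):
    """Group hits by (host, user) so discovery is read as part of a chain of
    behaviour rather than a single event; a host with several distinct
    discovery commands, or one launched from an unusual parent, is the one
    to pivot on when looking for follow-on lateral-movement activity."""
    hits = {}
    for ev in events:
        label = classify(ev)
        if label is not None:
            hits.setdefault((ev.host, ev.user), []).append((label, ev.parent_image))
    return hits

# Constructed sample events (hostnames, users and paths are made up).
SAMPLE_EVENTS = [
    ProcEvent("WS01", "alice", r"C:\Windows\explorer.exe", "cmd.exe /c tasklist /v"),
    ProcEvent("WS01", "alice", r"C:\Windows\System32\cmd.exe", "wmic process list full"),
    ProcEvent("SRV02", "bob", "/bin/bash", "ps aux"),
    ProcEvent("SRV02", "bob", "/bin/bash", "grep -r pattern /var/log/syslog"),
    ProcEvent("WS03", "carol", r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              'powershell -nop -c "Get-Process | Out-File procs.txt"'),
]

if __name__ == "__main__":
    for key, labels in triage(SAMPLE_EVENTS).items():
        chain = "chain" if len({l for l, _ in labels}) > 1 else "single"
        print(key, chain, labels)
```

The WS03 hit is the one a responder would look at first: a process query spawned from an Office application is the unusual-parent case the description says should not be judged in isolation.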
Related reports

Published | Attributes | Type | CTI Title
2024-04-01 | 124 | Website | From OneNote to RansomNote: An Ice Cold Intrusion
2024-03-25 | 39 | Website | APT29 Uses WINELOADER to Target German Political Parties | Google Cloud Blog
2024-03-18 | 96 | Website | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
2024-01-30 | 109 | Website | Recent DarkGate Activity & Trends
2024-01-04 | 63 | Website | Self-Assessment Using ATT&CK (APT3, Second Scenario)
2024-01-01 | 28 | Website | I am Goot (Loader)
2023-12-06 | 198 | Website | Russia/Ukraine Update - December 2023
2023-11-19 | 117 | Website | LitterDrifter: a new USB worm used by the Gamaredon group
2023-11-06 | 203 | Website | SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT - Blogs on Information Technology, Network & Cybersecurity | Seqrite
2023-11-02 | 27 | Website | New Java-Based Sayler RAT Targets Polish Speaking Users
2023-11-01 | 44 | Website | Elastic catches DPRK passing out KANDYKORN — Elastic Security Labs
2023-10-30 | 154 | Website | NetSupport Intrusion Results in Domain Compromise - The DFIR Report
2023-10-27 | 117 | Website | A cascade of compromise: unveiling Lazarus' new campaign
2023-10-27 | 0 | Website | Process Mining: A Brief Introduction
2023-10-25 | 94 | Website | A pirated program downloaded from a torrent site infected hundreds of thousands of users
2023-10-23 | 273 | Website | Red Team Tools
2023-10-17 | 73 | Website | BbyStealer Malware Resurfaces, Sets Sights on VPN Users
2023-10-17 | 92 | Website | Anomali Cyber Watch: RomCom 4.0 Targeted Female Politicians, Israeli RedAlert App Impersonated, and More. – Anomali
2023-10-11 | 38 | Website | Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability
2023-10-05 | 73 | Website | LostTrust Ransomware | Latest Multi-Extortion Threat Shares Traits with SFile and Mindware
2023-09-29 | 62 | Website | PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign
2023-09-28 | 49 | Website | Trade with caution - bad guys are stealing
2023-09-26 | 37 | Website | Exela Stealer Spotted Targeting Social Media Giants
2023-09-24 | 49 | Website | Deadglyph: a new advanced backdoor from Stealth Falcon