Common Information
Type | Value |
---|---|
Value | Process Discovery - T1057 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. On Windows, an example command that would obtain details on processes is `tasklist` (the Tasklist utility). On macOS and Linux, this is accomplished with the `ps` command. |
Detection | System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Normal, benign system and network events that look like process discovery may be uncommon, depending on the environment and how they are used. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. |
Platforms | Linux, macOS, Windows |
Data Sources | Process command-line parameters, Process monitoring |
Permissions Required | User, Administrator, SYSTEM |
System Requirements | Administrator, SYSTEM may provide better process ownership details |
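The detection guidance above says to watch process command lines for `tasklist`, `ps`, WMI and PowerShell process enumeration, and to judge such events as part of a chain rather than in isolation. The following is an added example (not part of the MITRE or MISP content on this page) that does exactly that over constructed process-creation events: it classifies each command line into a discovery category, drops events spawned by a hypothetical allow-listed monitoring agent, and raises an alert only when one host/user pair runs several distinct discovery categories inside a short window. The field names, the sample log lines, the allow-listed parent path and the window size are all assumptions chosen for the example.

```python
"""Flag process-discovery chains (ATT&CK T1057) in process-creation logs.

Added example. The events, field names and allow-list below are constructed
for illustration and do not follow any particular vendor's schema.
"""
import re
from datetime import datetime, timedelta

# Constructed process-creation events (simplified Sysmon EID 1 / auditd EXECVE shape).
SAMPLE_EVENTS = [
    {"ts": "2023-09-22T10:00:01", "host": "WS01", "user": "alice",
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c tasklist /v"},
    {"ts": "2023-09-22T10:00:09", "host": "WS01", "user": "alice",
     "parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\whoami.exe",
     "cmdline": "whoami /all"},
    {"ts": "2023-09-22T10:00:20", "host": "WS01", "user": "alice",
     "parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net view /domain"},
    {"ts": "2023-09-22T10:05:00", "host": "WS02", "user": "svc_mon",
     "parent": r"C:\Program Files\MonAgent\agent.exe",  # hypothetical monitoring agent
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist.exe"},
    {"ts": "2023-09-22T10:07:00", "host": "WS03", "user": "bob",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -nop -w hidden -c "Get-WmiObject Win32_Process | Select Name,ProcessId"'},
    {"ts": "2023-09-22T10:30:00", "host": "srv-web", "user": "www-data",
     "parent": "/bin/bash", "image": "/usr/bin/ps", "cmdline": "ps aux"},
    {"ts": "2023-09-22T10:30:04", "host": "srv-web", "user": "www-data",
     "parent": "/bin/bash", "image": "/usr/bin/id", "cmdline": "id"},
    {"ts": "2023-09-22T11:00:00", "host": "WS04", "user": "carol",
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]

# Parent images whose child processes are known-benign in this (assumed) environment.
BENIGN_PARENTS = {r"c:\program files\monagent\agent.exe"}

# Category -> regex applied to "<image basename> <command line>" in lower case.
# The first matching category wins, so process discovery is checked first.
DISCOVERY_RULES = (
    ("process", r"\btasklist\b|(^|\s)ps(\s|$)|\bwmic\b.*\bprocess\b|get-process|win32_process"),
    ("account", r"\bwhoami\b|(^|\s)id(\s|$)|\bnet(\.exe)?\s+(user|group|localgroup)\b"),
    ("network", r"\bnet(\.exe)?\s+(view|share)\b|\bipconfig\b|\bifconfig\b|\bnetstat\b|\barp\b|\bnltest\b"),
)


def basename(path: str) -> str:
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def classify(event: dict):
    """Return the discovery category for one event, or None if it is not discovery."""
    if event["parent"].lower() in BENIGN_PARENTS:
        return None
    text = f"{basename(event['image'])} {event['cmdline']}".lower()
    for category, pattern in DISCOVERY_RULES:
        if re.search(pattern, text):
            return category
    return None


def classify_events(events):
    """All discovery events as (event, category) pairs, in timestamp order."""
    out = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        cat = classify(ev)
        if cat:
            out.append((ev, cat))
    return out


def find_discovery_chains(events, window=timedelta(minutes=2), min_categories=2):
    """Alert on a host/user pair that runs >= min_categories distinct discovery
    categories within `window`, starting from each discovery event in turn."""
    hits = [(datetime.fromisoformat(ev["ts"]), ev["host"], ev["user"], cat, ev["cmdline"])
            for ev, cat in classify_events(events)]
    alerts = {}
    for i, (ts, host, user, _cat, _cmd) in enumerate(hits):
        if (host, user) in alerts:
            continue  # one alert per host/user pair
        cluster = [(c, cmd) for (t, h, u, c, cmd) in hits[i:]
                   if h == host and u == user and t - ts <= window]
        cats = {c for c, _ in cluster}
        if len(cats) >= min_categories:
            alerts[(host, user)] = {"host": host, "user": user,
                                    "first_seen": ts.isoformat(),
                                    "categories": sorted(cats),
                                    "commands": [cmd for _, cmd in cluster]}
    return list(alerts.values())


if __name__ == "__main__":
    for ev, cat in classify_events(SAMPLE_EVENTS):
        print(f"{ev['ts']} {ev['host']}/{ev['user']} [{cat}] {ev['cmdline']}")
    for alert in find_discovery_chains(SAMPLE_EVENTS):
        print("CHAIN:", alert)
```

On the sample data the lone `Get-WmiObject Win32_Process` on WS03 is classified but not alerted as a chain, while WS01 (`tasklist` followed by `whoami` and `net view`) and srv-web (`ps` then `id`) are; the agent-spawned `tasklist.exe` on WS02 is dropped by the parent allow-list. In a real pipeline the allow-list should be keyed on signed image path plus user rather than path alone, since a path is trivial for an attacker to reuse.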
Details | CTI | Published | Attributes | Title
---|---|---|---|---
Details | Website | 2023-09-22 | 56 | Examining the Activities of the Turla APT Group
Details | Website | 2023-09-22 | 57 | Examining the Activities of the Turla APT Group
Details | Website | 2023-09-18 | 20 | Introducing DevOpt: A Multifunctional Backdoor Arsenal
Details | Website | 2023-09-18 | 90 | DBatLoader: Actively Distributing Malwares Targeting European Businesses
Details | Website | 2023-09-18 | 57 | Emerging Threat: Understanding the PySilon Discord RAT's Versatile Features
Details | Website | 2023-09-17 | 36 | RedLine Stealer : A new variant surfaces, Deploying using Batch Script - CYFIRMA
Details | Website | 2023-09-14 | 35 | Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets \| Deep Instinct
Details | Website | 2023-08-28 | 42 | Kaspersky Lab’s technical analysis of Lockbit v3 Builder
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023
Details | Website | 2023-08-24 | 119 | Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants
Details | Website | 2023-08-23 | 70 | Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat
Details | Website | 2023-08-18 | 77 | WARNING: NEW ATTACK CAMPAIGN UTILIZED A NEW 0-DAY RCE VULNERABILITY ON MICROSOFT EXCHANGE SERVER
Details | Website | 2023-08-17 | 30 | Cuba Ransomware Deploys New Tools: BlackBerry Discovers Targets Including Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
Details | Website | 2023-08-11 | 92 | LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT
Details | Website | 2023-08-11 | 39 | Stealthy Malicious MSI Loader - Overlapping Technique and Infrastructure with BatLoader - CYFIRMA
Details | Website | 2023-08-10 | 92 | Common TTPs of attacks against industrial organizations. Implants for uploading data \| Kaspersky ICS CERT
Details | Website | 2023-07-27 | 50 | Dark Web Profile: 8Base Ransomware
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
Details | Website | 2023-07-25 | 6 | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc.
Details | Website | 2023-07-25 | 47 | Decoding RomCom: Behaviors and Opportunities for Detection
Details | Website | 2023-07-25 | 52 | Evolution of Russian APT29 – New Attacks and Techniques Uncovered
Details | Website | 2023-07-21 | 14 | Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
Details | Website | 2023-07-20 | 59 | Common TTPs of attacks against industrial organizations. Implants for remote access \| Kaspersky ICS CERT
Details | Website | 2023-07-15 | 0 | SOC-145 Ransomware Detected (LetsDefend)
Details | Website | 2023-07-13 | 25 | Trojanized Application Preying on TeamViewer Users