Common Information
Type Value
Value Process Discovery - T1424
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may attempt to get information about running processes on a device. Information obtained could be used to gain an understanding of common software/applications running on devices within a network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1424) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Recent Android security enhancements have made it more difficult to obtain a list of running processes. On Android 7 and later, there is no way for an application to obtain the process list without abusing elevated privileges. This is due to the Android kernel utilizing the `hidepid` mount feature. Prior to Android 7, applications could utilize the `ps` command or examine the `/proc` directory on the device.(Citation: Android-SELinuxChanges) In iOS, applications have previously been able to use the `sysctl` command to obtain a list of running processes. This functionality has been removed in later iOS versions.
Details Published Attributes CTI Title
Details Website 2024-11-14 72 Weekly Intelligence Report - 15 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-12 35 Lock5 (Medusa Ransomware)
Details Website 2024-11-11 39 Kaspersky discovers new Ymir ransomware used together with RustyStealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-11-11 47 Ymir: new stealthy ransomware in the wild
Details Website 2024-11-11 47 Kaspersky discovers new Ymir ransomware used together with RustyStealer
Details Website 2024-11-07 63 Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-11-07 7 Mapping CTF Techniques to the MITRE ATT&CK Framework: TryHack3M: Bricks Heist
Details Website 2024-11-04 27 Jumpy Pisces Threat Intel
Details Website 2024-11-03 54 Coinminer - Malware Analysis
Details Website 2024-11-01 62 Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-10-30 154 Rat King: How the Android Trojan CraxsRAT Steals User Data | F.A.C.C.T. Blog
Details Website 2024-10-30 28 Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Details Website 2024-10-28 28 Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses — Elastic Security Labs
Details Website 2024-10-23 44 Highlighting TA866/Asylum Ambuscade Activity Since 2021
Details Website 2024-10-18 44 Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-18 18 The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer - CYFIRMA
Details Website 2024-10-15 62 Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Details Website 2024-10-11 71 Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
Details Website 2024-10-10 18 Technical Analysis of DarkVision RAT
Details Website 2024-10-07 141 Mind the (air) gap: GoldenJackal gooses government guardrails
Details Website 2024-10-04 34 VILSA STEALER - CYFIRMA
Details Website 2024-10-02 3 Stopping Attacks Early: The Power of Endpoint Telemetry in Cybersecurity
Details Website 2024-10-01 27 Silent Intrusion: Unraveling The Sophisticated Attack Leveraging VS Code For Unauthorized Access - Cyble
Details Website 2024-09-27 123 Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs
Details Website 2024-09-17 0 10 Types of Cyberattacks Targeting Organizations Now