Common Information

| Type | Value |
|---|---|
| Value | Process Discovery - T1424 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may attempt to get information about running processes on a device. Information obtained could be used to gain an understanding of common software/applications running on devices within a network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1424) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Recent Android security enhancements have made it more difficult to obtain a list of running processes. On Android 7 and later, there is no way for an application to obtain the process list without abusing elevated privileges. This is due to the Android kernel utilizing the `hidepid` mount feature. Prior to Android 7, applications could utilize the `ps` command or examine the `/proc` directory on the device. (Citation: Android-SELinuxChanges) In iOS, applications have previously been able to use the `sysctl` command to obtain a list of running processes. This functionality has been removed in later iOS versions. |
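The description above attributes the Android 7+ restriction to procfs being mounted with the `hidepid` option. The following shell script is an added audit example, not part of the MISP record or of MITRE's material: it parses mount-table text in `/proc/mounts` format and reports the `hidepid` setting of the `/proc` mount, so a device or fleet check can confirm whether unprivileged process enumeration through `/proc` or `ps` is still possible. The two sample mount lines (including the `gid=3009` value) are constructed for the example; the function names `proc_hidepid` and `assess` are this example's own.

```shell
#!/bin/sh
# Added example (not from the MISP/ATT&CK record): report whether procfs is
# mounted with hidepid, the control that stops an unprivileged app on
# Android 7+ from listing other users' processes via /proc or ps.

# Constructed sample mount-table lines in /proc/mounts format.
# The first resembles a pre-Android-7 device (no hidepid); the second a
# device whose procfs is mounted with hidepid=2 plus a group exemption.
OLD_MOUNTS='proc /proc proc rw,relatime 0 0'
NEW_MOUNTS='proc /proc proc rw,relatime,gid=3009,hidepid=2 0 0'

# proc_hidepid MOUNTS_TEXT: prints the hidepid value of the /proc mount
# ("0" when the option is absent) or "none" when /proc is not mounted.
proc_hidepid() {
    printf '%s\n' "$1" | awk '
        $2 == "/proc" && $3 == "proc" {
            found = 1
            n = split($4, opts, ",")
            val = "0"
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) { sub(/^hidepid=/, "", opts[i]); val = opts[i] }
            print val
            exit
        }
        END { if (!found) print "none" }'
}

# assess MOUNTS_TEXT: one-line verdict suitable for an audit log.
assess() {
    val=$(proc_hidepid "$1")
    case "$val" in
        none) echo "no procfs mount found: cannot evaluate" ;;
        0)    echo "hidepid off: any app can enumerate processes via /proc or ps" ;;
        1)    echo "hidepid=1: other users' /proc/<pid> entries are listed but not readable" ;;
        *)    echo "hidepid=$val: other users' processes are hidden from /proc" ;;
    esac
}

# On a live device run: assess "$(cat /proc/mounts)" (for example via adb shell).
# Here the check runs over the constructed samples.
assess "$OLD_MOUNTS"
assess "$NEW_MOUNTS"
```

The script only reads the mount table, so it works from a shell without elevated privileges; a result of `0` on an Android 7+ build is worth investigating, since it means the platform control the description relies on is not in effect.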
| Details | Type | Published | Attributes | CTI Title |
|---|---|---|---|---|
| Details | Website | 2020-11-18 | 40 | Reversing Ryuk |
| Details | Website | 2020-11-05 | 60 | Attacks on industrial enterprises using RMS and TeamViewer: new data |
| Details | Website | 2020-11-04 | 33 | QBot Trojan delivered via malspam campaign exploiting US election uncertainties \| Malwarebytes Labs |
| Details | Website | 2020-10-24 | 31 | Emotet Malware \| CISA |
| Details | Website | 2020-10-22 | 24 | An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques - SentinelLabs |
| Details | Website | 2020-10-12 | 47 | ESET takes part in global operation to disrupt Trickbot \| WeLiveSecurity |
| Details | Website | 2020-09-29 | 198 | Oil and Gas Industries in Middle East Targeted \| blog |
| Details | Website | 2020-09-29 | 23 | Cross Platform Modular Glupteba Malware Uses ManageX |
| Details | Website | 2020-09-02 | 63 | KryptoCibule: The multitasking multicurrency cryptostealer \| WeLiveSecurity |
| Details | Website | 2020-08-17 | 61 | GoldenSpy Chapter 5: Multiple GoldenSpy Uninstaller Variants Discovered |
| Details | Website | 2020-07-15 | 165 | Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families \| Mandiant |
| Details | Website | 2020-06-18 | 76 | Digging up InvisiMole’s hidden arsenal \| WeLiveSecurity |
| Details | Website | 2020-05-21 | 108 | No “Game over” for the Winnti Group \| WeLiveSecurity |
| Details | Website | 2020-05-13 | 66 | Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks \| WeLiveSecurity |
| Details | Website | 2020-05-09 | 29 | Lazarus group leverages Covid themed HWP Document |
| Details | Website | 2020-05-01 | 53 | Tales From the Trenches; a Lockbit Ransomware Story \| McAfee Blog |
| Details | Website | 2020-04-29 | 83 | Compromised WordPress Sites Distribute Adwind RAT \| blog |
| Details | Website | 2020-04-23 | 85 | Following ESET’s discovery, a Monero mining botnet is disrupted \| WeLiveSecurity |
| Details | Website | 2020-04-02 | 189 | Nemty Ransomware - Learning by Doing \| McAfee Blog |
| Details | Website | 2020-02-27 | 79 | Report on the recent attack activity of the “Higaisa (黑格莎)” group |
| Details | Website | 2019-12-23 | 37 | I literally can't think of a fitting pun - mrdec ransomware |
| Details | Website | 2019-12-02 | 15 | God save the queen [...] 'cause ransom is money - savethequeen encryptor |
| Details | Website | 2019-10-23 | 147 | CyberThreatIntel/analysis.md at master · StrangerealIntel/CyberThreatIntel |
| Details | Website | 2019-10-17 | 37 | Operation Ghost: The Dukes aren’t back – they never left \| WeLiveSecurity |
| Details | Website | 2019-10-15 | 39 | Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect |