Common Information

| Type | Value |
|---|---|
| Value | Process Discovery - T1424 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may attempt to get information about running processes on a device. Information obtained could be used to gain an understanding of common software/applications running on devices within a network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1424) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Recent Android security enhancements have made it more difficult to obtain a list of running processes. On Android 7 and later, there is no way for an application to obtain the process list without abusing elevated privileges. This is due to the Android kernel utilizing the `hidepid` mount feature. Prior to Android 7, applications could utilize the `ps` command or examine the `/proc` directory on the device.(Citation: Android-SELinuxChanges) In iOS, applications have previously been able to use the `sysctl` command to obtain a list of running processes. This functionality has been removed in later iOS versions. |
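The description attributes the Android 7+ restriction to the `hidepid` option on the `/proc` mount. The following added example (not part of the MITRE or MISP entry) shows how a defender can verify that control on any Linux-based device: it parses mount entries in the `/proc/mounts` format, reports the `hidepid` mode of the `proc` filesystem, and says whether unprivileged processes can still enumerate other users' processes. The mount lines embedded in it are constructed samples, and the `gid=` value in them is illustrative rather than taken from any particular device.

```python
"""Check whether /proc is mounted with hidepid.

Added example, not code from the MITRE ATT&CK or MISP page. Parses lines in
the /proc/mounts (or /etc/mtab) format:

    <device> <mountpoint> <fstype> <options> <dump> <pass>

and reports the hidepid mode on the proc filesystem, the mechanism the T1424
description cites for blocking unprivileged process enumeration.
"""
from typing import Iterable, List, Optional

# hidepid accepts numeric values and, on newer kernels, named aliases.
#   off / 0       : every user can list and read every /proc/<pid>
#   noaccess / 1  : other users' /proc/<pid> directories are listed but not readable
#   invisible / 2 : other users' /proc/<pid> directories are not listed at all
#   ptraceable / 4: only processes the caller could ptrace are visible
HIDEPID_MODES = {
    "0": "off", "off": "off",
    "1": "noaccess", "noaccess": "noaccess",
    "2": "invisible", "invisible": "invisible",
    "4": "ptraceable", "ptraceable": "ptraceable",
}

# Constructed sample mount tables (not captured from a real device).
SAMPLE_HARDENED: List[str] = [
    "proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=3009,hidepid=2 0 0",
    "sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0",
]
SAMPLE_DEFAULT: List[str] = [
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0",
]


def proc_hidepid(mount_lines: Iterable[str]) -> Optional[str]:
    """Return the normalized hidepid mode of the /proc mount.

    Returns None when no proc filesystem is mounted at /proc, and "off" when
    it is mounted without a hidepid option (the kernel default).
    """
    for line in mount_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated entry; skip it
        _device, mountpoint, fstype, options = fields[:4]
        if mountpoint != "/proc" or fstype != "proc":
            continue
        for opt in options.split(","):
            if opt.startswith("hidepid="):
                raw = opt.split("=", 1)[1]
                return HIDEPID_MODES.get(raw, raw)  # unknown values pass through
        return "off"
    return None


def process_list_restricted(mount_lines: Iterable[str]) -> bool:
    """True when an unprivileged process cannot enumerate other users' PIDs.

    hidepid=1 (noaccess) still lets a caller list the PID directories, so only
    the invisible and ptraceable modes count as restricting discovery.
    """
    return proc_hidepid(mount_lines) in ("invisible", "ptraceable")


def read_live_mounts(path: str = "/proc/mounts") -> List[str]:
    """Read the running system's mount table (Linux only)."""
    with open(path, encoding="utf-8") as fh:
        return fh.read().splitlines()


if __name__ == "__main__":
    for label, lines in (("hardened sample", SAMPLE_HARDENED),
                         ("default sample", SAMPLE_DEFAULT)):
        print(f"{label}: hidepid={proc_hidepid(lines)} "
              f"enumeration_restricted={process_list_restricted(lines)}")
```

On a live Linux host, `process_list_restricted(read_live_mounts())` answers the same question for the running system; a result of `False` means an unprivileged process can still enumerate PIDs by listing `/proc`, which is the pre-Android-7 condition the description refers to.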
| Details | CTI | Published | Attributes | Title |
|---|---|---|---|---|
| Details | Website | 2019-10-01 | 82 | Head Fake: Tackling Disruptive Ransomware Attacks \| Mandiant |
| Details | Website | 2019-08-01 | 78 | Clop Ransomware \| McAfee Blog |
| Details | Website | 2019-05-29 | 56 | A dive into Turla PowerShell usage \| WeLiveSecurity |
| Details | Website | 2019-04-29 | 57 | LockerGoga Ransomware Family Used in Targeted Attacks \| McAfee Blog |
| Details | Website | 2019-04-22 | 48 | CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code |
| Details | Website | 2019-03-25 | 36 | Let’s play with Qulab, an exotic malware developed in AutoIT |
| Details | Website | 2018-12-24 | 73 | Let’s dig into Vidar – An Arkei Copycat/Forked Stealer (In-depth analysis) |
| Details | Website | 2018-12-21 | 118 | The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc |
| Details | Website | 2018-12-18 | 63 | Sofacy Creates New ‘Go’ Variant of Zebrocy Tool |
| Details | Website | 2018-12-12 | 18 | ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure \| McAfee Blog |
| Details | Website | 2018-10-10 | 15 | Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation \| McAfee Blog |
| Details | Website | 2018-07-31 | 17 | GandCrab Ransomware Puts the Pinch on Victims \| McAfee Blog |
| Details | Website | 2018-04-25 | 30 | Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide |
| Details | Website | 2018-03-08 | 25 | Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant \| McAfee Blog |
| Details | Website | 2018-03-02 | 70 | McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups \| McAfee Blog |