Common Information
Type | Value |
---|---|
Value | Process Discovery - T1424 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to get information about running processes on a device. Information obtained could be used to gain an understanding of common software/applications running on devices within a network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1424) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Recent Android security enhancements have made it more difficult to obtain a list of running processes. On Android 7 and later, there is no way for an application to obtain the process list without abusing elevated privileges. This is due to the Android kernel utilizing the `hidepid` mount feature. Prior to Android 7, applications could utilize the `ps` command or examine the `/proc` directory on the device.(Citation: Android-SELinuxChanges) In iOS, applications have previously been able to use the `sysctl` command to obtain a list of running processes. This functionality has been removed in later iOS versions. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-08-28 | 42 | Kaspersky Lab’s technical analysis of Lockbit v3 Builder | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2023-08-24 | 119 | Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants | ||
Details | Website | 2023-08-23 | 70 | Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat | ||
Details | Website | 2023-08-18 | 77 | WARNING: NEW ATTACK CAMPAIGN UTILIZED A NEW 0-DAY RCE VULNERABILITY ON MICROSOFT EXCHANGE SERVER | ||
Details | Website | 2023-08-11 | 92 | LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT | ||
Details | Website | 2023-08-11 | 39 | Stealthy Malicious MSI Loader - Overlapping Technique and Infrastructure with BatLoader - CYFIRMA | ||
Details | Website | 2023-08-10 | 92 | Common TTPs of attacks against industrial organizations. Implants for uploading data \| Kaspersky ICS CERT | ||
Details | Website | 2023-07-27 | 50 | Dark Web Profile: 8Base Ransomware | ||
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector | ||
Details | Website | 2023-07-25 | 6 | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2023-07-25 | 52 | Evolution of Russian APT29 – New Attacks and Techniques Uncovered | ||
Details | Website | 2023-07-21 | 14 | Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments | ||
Details | Website | 2023-07-20 | 59 | Common TTPs of attacks against industrial organizations. Implants for remote access \| Kaspersky ICS CERT | ||
Details | Website | 2023-07-15 | 0 | SOC-145 Ransomware Detected (LetsDefend) | ||
Details | Website | 2023-07-13 | 25 | Trojanized Application Preying on TeamViewer Users | ||
Details | Website | 2023-07-06 | 239 | Increased Truebot Activity Infects U.S. and Canada Based Networks \| CISA | ||
Details | Website | 2023-07-06 | 69 | ARCrypt Ransomware Evolves with Multiple TOR Communication Channels | ||
Details | Website | 2023-06-27 | 14 | Unveiling Wagner Group's Cyber-Recruitment | ||
Details | Website | 2023-06-16 | 41 | New Malware Campaign Targets LetsVPN Users | ||
Details | Website | 2023-06-12 | 112 | A Truly Graceful Wipe Out - The DFIR Report | ||
Details | Website | 2023-06-09 | 43 | Elastic charms SPECTRALVIPER — Elastic Security Labs | ||
Details | Website | 2023-06-09 | 207 | Over 45 thousand Users Fell Victim to Malicious PyPI Packages | ||
Details | Website | 2023-06-07 | 37 | NukeSped RAT Report - CYFIRMA | ||
Details | Website | 2023-06-07 | 36 | Prestige Ransomware Analysis - CYFIRMA | ||