Common Information
Type | Value |
---|---|
Value | Process Discovery - T1424 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to get information about running processes on a device. Information obtained could be used to gain an understanding of common software/applications running on devices within a network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1424) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Recent Android security enhancements have made it more difficult to obtain a list of running processes. On Android 7 and later, there is no way for an application to obtain the process list without abusing elevated privileges. This is due to the Android kernel utilizing the `hidepid` mount feature. Prior to Android 7, applications could utilize the `ps` command or examine the `/proc` directory on the device.(Citation: Android-SELinuxChanges) In iOS, applications have previously been able to use the `sysctl` command to obtain a list of running processes. This functionality has been removed in later iOS versions. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2022-06-28 | 144 | Raccoon Stealer v2 - Part 1: The return of the dead | ||
Details | Website | 2022-06-10 | 76 | Threat Attribution — Chimera “Under the Radar” | ||
Details | Website | 2022-06-09 | 31 | LockBit 2.0: How This RaaS Operates and How to Protect Against It | ||
Details | Website | 2022-06-09 | 31 | Lyceum .NET DNS Backdoor | Zscaler | ||
Details | Website | 2022-06-02 | 99 | To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant | ||
Details | Website | 2022-06-02 | 63 | LockBit 3.0 Ransomware Unlocked | ||
Details | Website | 2022-05-27 | 50 | Emotet Analysis: New LNKs in the Infection Chain | Kroll | ||
Details | Website | 2022-05-17 | 679 | Space Pirates: analyzing the tools and connections of a new hacker group | ||
Details | Website | 2022-05-08 | 57 | Ursnif Malware Banks on News Events for Phishing Attacks | Qualys Security Blog | ||
Details | Website | 2022-05-04 | 26 | Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques | ||
Details | Website | 2022-05-02 | 39 | UNC3524: Eye Spy on Your Email | Mandiant | ||
Details | Website | 2022-04-28 | 128 | Tracking APT29 Phishing Campaigns | Atlassian Trello | ||
Details | Website | 2022-04-27 | 202 | A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity | WeLiveSecurity | ||
Details | Website | 2022-04-06 | 54 | FFDroider Stealer Is Targeting Social Media Platform | Blog | ||
Details | Website | 2022-04-04 | 34 | Ransomware Spotlight: AvosLocker - Security News | ||
Details | Website | 2022-03-23 | 67 | Midas Ransomware : Tracing the Evolution of Thanos Ransomware Variants | ||
Details | Website | 2022-03-23 | 67 | A Study of Thanos Ransomware Variants | Zscaler Blog | ||
Details | Website | 2022-03-18 | 30 | Ransomware Spotlight: Hive - Security News | ||
Details | Website | 2022-03-16 | 92 | Avira Labs Research Reveals Hydra Banking Trojan 2.0 targeting a wider network of German and Austrian banks | ||
Details | Website | 2022-02-24 | 123 | Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA | ||
Details | Website | 2022-02-23 | 314 | (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware | Mandiant | ||
Details | Website | 2022-02-22 | 37 | Ransomware Spotlight: Clop - Security News | ||
Details | Website | 2022-02-08 | 26 | Ransomware Spotlight: LockBit - Security News | ||
Details | Website | 2022-01-27 | 22 | Threat Assessment: BlackCat Ransomware |