Common Information
Type | Value |
---|---|
Value | System Information Discovery - T1082 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Windows: Example commands and utilities that obtain this information include `ver`, Systeminfo, and `dir` within cmd for identifying information based on present files and directories. Mac: On Mac, the `systemsetup` command gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, the `system_profiler` gives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions. Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. Platforms: Linux, macOS, Windows. Data Sources: Process command-line parameters, Process monitoring. Permissions Required: User. |
Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2024-11-26 | 33 | | LostTrust Ransomware - Trust nothing — ShadowStackRE |
Details | Website | 2024-11-14 | 72 | | Weekly Intelligence Report - 15 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-11-13 | 55 | | HawkEye Malware: Technical Analysis |
Details | Website | 2024-11-13 | 55 | | HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog |
Details | Website | 2024-11-13 | 55 | | HawkEye \| PredatorPain |
Details | Website | 2024-11-12 | 35 | | Lock5 (Medusa Ransomware) |
Details | Website | 2024-11-11 | 39 | | Kaspersky discovers new Ymir ransomware used together with RustyStealer \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
Details | Website | 2024-11-11 | 46 | | Kaspersky Lab discovers new Ymir ransomware |
Details | Website | 2024-11-11 | 47 | | Ymir: new stealthy ransomware in the wild |
Details | Website | 2024-11-11 | 47 | | Kaspersky discovers new Ymir ransomware used together with RustyStealer |
Details | Website | 2024-11-07 | 63 | | Weekly Intelligence Report - 08 Nov 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-11-06 | 26 | | Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign |
Details | Website | 2024-11-06 | 44 | | GodFather Malware Targets 500 Banking & Crypto Apps Worldwide |
Details | Website | 2024-11-04 | 35 | | G700 : The Next Generation of Craxs RAT - CYFIRMA |
Details | Website | 2024-11-04 | 57 | | Threat Intelligence Report October 29 - November 4 2024 \| Red Piranha |
Details | Website | 2024-11-04 | 24 | | From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West |
Details | Website | 2024-11-01 | 43 | | Ngioweb Remains Active 7 Years Later |
Details | Website | 2024-11-01 | 39 | | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. |
Details | Website | 2024-11-01 | 62 | | Weekly Intelligence Report - 01 Nov 2024 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
Details | Website | 2024-10-30 | 154 | | The Rat King: how the Android trojan CraxsRAT steals user data \| F.A.C.C.T. Blog |
Details | Website | 2024-10-30 | 120 | | Strela Stealer Targets Europe Stealthily Via WebDav |
Details | Website | 2024-10-30 | 28 | | Attacker Abuses Victim Resources to Reap Rewards from Titan Network |
Details | Website | 2024-10-29 | 207 | | WarmCookie Malware Threat Intel |
Details | Website | 2024-10-28 | 28 | | Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses — Elastic Security Labs |
Details | Website | 2024-10-28 | 51 | | CloudScout: Evasive Panda scouting cloud services |