Common Information

Type | Value |
---|---|
Value | System Information Discovery - T1082 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. **Windows:** Example commands and utilities that obtain this information include `ver`, `systeminfo`, and `dir` within cmd for identifying information based on present files and directories. **Mac:** On Mac, the `systemsetup` command gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, `system_profiler` gives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions. **Detection:** System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. **Platforms:** Linux, macOS, Windows. **Data Sources:** Process command-line parameters, Process monitoring. **Permissions Required:** User |
Details | CTI | Published | Attributes | Title |
---|---|---|---|---|
Details | Website | 2024-10-25 | 58 | HeptaX: Unauthorized RDP Connections For Cyberespionage Operations |
Details | Website | 2024-10-23 | 22 | DarkComet RAT: Technical Analysis of Attack Chain |
Details | Website | 2024-10-23 | 22 | DarkComet RAT: Technical Analysis of Attack Chain - ANY.RUN's Cybersecurity Blog |
Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 |
Details | Website | 2024-10-21 | 21 | Attackers Target Exposed Docker Remote API Servers With perfctl Malware |
Details | Website | 2024-10-18 | 12 | The Mobile Malware Chronicles: Necro.N – Volume 101 |
Details | Website | 2024-10-18 | 12 | The Mobile Malware Chronicles: Necro.N - Volume 101 - Zimperium |
Details | Website | 2024-10-18 | 44 | Weekly Intelligence Report - 18 Oct 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-10-18 | 18 | The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer - CYFIRMA |
Details | Website | 2024-10-18 | 56 | Vietnamese Threat Actor’s Multi-Layered Strategy On Digital Marketing Professionals - Cyble |
Details | Website | 2024-10-17 | 42 | New macOS vulnerability, “HM Surf”, could lead to unauthorized data access |
Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere |
Details | Website | 2024-10-16 | 108 | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations \| CISA |
Details | Website | 2024-10-14 | 55 | Hidden In Plain Sight: How ErrorFather Deploys Cerberus To Amplify Cyber Threats |
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples |
Details | Website | 2024-10-11 | 30 | Expanding the Investigation: Deep Dive into Latest TrickMo Samples - Zimperium |
Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
Details | Website | 2024-10-10 | 5 | PureLogs: The Low-Cost Infostealer with a High-Impact Threat |
Details | Website | 2024-10-10 | 18 | Technical Analysis of DarkVision RAT |
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails |
Details | Website | 2024-10-06 | 18 | YUNIT STEALER - CYFIRMA |
Details | Website | 2024-10-04 | 100 | SIEM agent is used in SilentCryptoMiner attacks |
Details | Website | 2024-10-04 | 34 | VILSA STEALER - CYFIRMA |
Details | Website | 2024-10-04 | 100 | SIEM agent being used in SilentCryptoMiner attacks |
Details | Website | 2024-10-03 | 16 | SEO Poisoning Campaigns Target Browser Installers and Crypto Sites, Spreading Poseidon, GhostRAT & More |