Common Information

Value: System Information Discovery - T1082
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
MISP Type: Cluster
Description:

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

Windows: Example commands and utilities that obtain this information include ver and systeminfo, and dir within cmd for identifying information based on present files and directories.

Mac: On Mac, the systemsetup command gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, the system_profiler command gives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions.

Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.

Platforms: Linux, macOS, Windows
Data Sources: Process command-line parameters, Process monitoring
Permissions Required: User
Related reports (Source, Published, Attributes, CTI Title):

Website  2024-09-02  28   Threat Intelligence Report 27th August – 2nd September 2024
Website  2024-08-30  97   From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users
Website  2024-08-30  24   Emulating the Extortionist Mallox Ransomware
Website  2024-08-22  24   NGate Android malware relays NFC traffic to steal cash
Website  2024-08-20  11   RansomHub Ransomware – Everything You Need to Know | Red Piranha
Website  2024-08-19  20   PG_MEM: A Malware Hidden in the Postgres Processes
Website  2024-08-10  89   Sidewinder APT – Phishing Targeting Pakistan | CTF导航
Website  2024-08-09  1    A Dive into Earth Baku's Latest Campaign
Website  2024-08-01  34   BlankBot - a new Android banking trojan with screen recording,…
Website  2024-08-01  47   BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs
Website  2024-07-29  20   Attackers (Crowd)Strike with Infostealer Malware - Perception Point
Website  2024-07-26  22   RansomHub Ransomware – New Infection Chains Unveiled
Website  2024-07-25  59   How APT groups operate in Southeast Asia
Website  2024-07-15  42   CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
Website  2024-07-02  5    Pentesting results for 2023
Website  2024-06-28  41   Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
Website  2024-06-26  76   Threat Analysis Insight: RisePro Information Stealer
Website  2024-06-25  47   How to detect the modular RAT CSHARP-STREAMER
Website  2024-06-20  114  In-depth Analysis of an Attack Campaign Targeting Chinese Users (judged to be a captured HVV sample; red teams, come and claim it)
Website  2024-06-13  89   Arid Viper poisons Android apps with AridSpy
Website  2024-06-12  27   Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs
Website  2024-06-10  86   Technical Analysis of the Latest Variant of ValleyRAT
Website  2024-06-05  26   TargetCompany's Linux Variant Targets ESXi Environments
Website  2024-06-05  25   TargetCompany's Linux Variant Targets ESXi Environments