Common Information
Type | Value
---|---
Value | System Information Discovery - T1082
Category | Attack-Pattern
Type | Mitre-Enterprise-Attack-Attack-Pattern
Misp Type | Cluster
Description | An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Windows: Example commands and utilities that obtain this information include `ver`, `systeminfo`, and `dir` within cmd for identifying information based on present files and directories. Mac: On Mac, the `systemsetup` command gives a detailed breakdown of the system, but it requires administrative privileges. Additionally, `system_profiler` gives a very detailed breakdown of configurations, firewall rules, mounted volumes, hardware, and many other things without needing elevated permissions. Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell. Platforms: Linux, macOS, Windows. Data Sources: Process command-line parameters, Process monitoring. Permissions Required: User
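The detection guidance above asks for process and command-line monitoring, and for treating discovery events as part of a chain rather than in isolation. The following is an added example, not code from the MISP galaxy or from MITRE: it scans process-creation records for the utilities the description names (`ver`, `systeminfo`, `dir`, `systemsetup`, `system_profiler`, and WMI/PowerShell queries for the operating-system class) and raises an alert only when one host/user pair runs several distinct discovery commands inside a short window. The pipe-separated log format, the field names, the sample records and the five-minute window are all assumptions made for this example.

```python
"""Chain-based detection for ATT&CK T1082 (System Information Discovery).

Added example; the log format (ts|host|user|parent|cmdline), the sample
records and the window/threshold values are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command-line patterns for the utilities named in the technique description.
# `ver` and `dir` are anchored on a preceding shell separator and a trailing
# space/end so that e.g. "driverquery" or "dirquota" are not counted.
DISCOVERY_PATTERNS = {
    "ver": re.compile(r"(?:^|[\s&|(])ver(?:\.exe)?(?=\s|$)", re.I),
    "systeminfo": re.compile(r"\bsysteminfo(?:\.exe)?\b", re.I),
    "dir": re.compile(r"(?:^|[\s&|(])dir(?=\s|$)", re.I),
    "systemsetup": re.compile(r"\bsystemsetup\b", re.I),
    "system_profiler": re.compile(r"\bsystem_profiler\b", re.I),
    # WMI / PowerShell path: the OS and computer-system classes are the usual
    # sources of version and hardware details.
    "wmi": re.compile(r"Win32_(?:OperatingSystem|ComputerSystem)", re.I),
}

# Constructed sample of process-creation events (not real telemetry).
SAMPLE_LOG = """\
2024-06-01T10:00:01|ws-01|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe report.txt
2024-06-01T10:02:10|ws-01|alice|cmd.exe|ver
2024-06-01T10:02:12|ws-01|alice|cmd.exe|systeminfo
2024-06-01T10:02:15|ws-01|alice|cmd.exe|dir C:\\Users
2024-06-01T10:03:00|ws-01|alice|powershell.exe|powershell -c Get-WmiObject Win32_OperatingSystem
2024-06-01T10:10:00|ws-02|bob|cmd.exe|driverquery
2024-06-01T10:11:00|ws-02|bob|cmd.exe|dir D:\\
2024-06-01T11:30:00|mac-07|carol|zsh|system_profiler SPHardwareDataType
"""


def parse_record(line):
    """Split one 'ts|host|user|parent|cmdline' record into a dict."""
    ts, host, user, parent, cmdline = line.rstrip("\n").split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "parent": parent, "cmdline": cmdline}


def match_discovery(cmdline):
    """Return the sorted list of discovery utilities a command line invokes."""
    return sorted(name for name, rx in DISCOVERY_PATTERNS.items()
                  if rx.search(cmdline))


def find_chains(lines, window=timedelta(minutes=5), min_distinct=2):
    """Alert when one host/user runs >= min_distinct distinct discovery
    utilities within `window`; a single isolated hit is not alerted on."""
    by_actor = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        hits = match_discovery(rec["cmdline"])
        if hits:
            by_actor[(rec["host"], rec["user"])].append(
                (rec["ts"], hits, rec["cmdline"]))

    alerts = []
    for (host, user), events in by_actor.items():
        events.sort(key=lambda e: e[0])
        i = 0
        while i < len(events):
            start_ts = events[i][0]
            seen, cmds, j = set(), [], i
            # Collect every event that falls inside the window from start_ts.
            while j < len(events) and events[j][0] - start_ts <= window:
                seen.update(events[j][1])
                cmds.append(events[j][2])
                j += 1
            if len(seen) >= min_distinct:
                alerts.append({"host": host, "user": user,
                               "utilities": sorted(seen),
                               "first_seen": start_ts.isoformat(),
                               "last_seen": events[j - 1][0].isoformat(),
                               "commands": cmds})
                i = j  # do not re-alert on the same burst
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for alert in find_chains(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample, only ws-01/alice trips the chain rule (four distinct utilities in under a minute); bob's lone `dir` and carol's single `system_profiler` call are recorded as hits but not alerted on, which is the "not in isolation" behaviour the description asks for. In production the window and threshold would be tuned per environment, and the noisy `dir` pattern would usually carry a lower weight than `systeminfo` or the WMI class query.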
Details | Type | Published | Attributes | CTI | Title
---|---|---|---|---|---
Details | Website | 2024-06-01 | 48 | | Ngioweb Remains Active 7 Years Later
Details | Website | 2024-05-22 | 19 | | Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages
Details | Website | 2024-05-22 | 13 | | Analysis of the Gomir malware by North Korean threat actor Kimsuky — ShadowStackRE
Details | Website | 2024-05-16 | 23 | | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
Details | Website | 2024-05-15 | 45 | | To the Moon and back(doors): Lunar landing in diplomatic missions
Details | Website | 2024-04-30 | 64 | | Deep Analysis of SecretCalls, A formidable app for notorious Korean financial fraudsters (Part 2)
Details | Website | 2024-04-17 | 26 | | Threat Group FIN7 Targets the U.S. Automotive Industry
Details | Website | 2024-04-17 | 90 | | Malvertising campaign targeting IT teams with MadMxShell
Details | Website | 2024-04-11 | 94 | | Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming \| Recorded Future
Details | Website | 2024-04-11 | 24 | | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Details | Website | 2024-04-01 | 124 | | From OneNote to RansomNote: An Ice Cold Intrusion
Details | Website | 2024-03-25 | 39 | | APT29 Uses WINELOADER to Target German Political Parties \| Google Cloud Blog
Details | Website | 2024-03-12 | 24 | | Tweaks Stealer Targets Roblox Users Through YouTube and Discord
Details | Website | 2024-02-20 | 137 | | Earth Preta Campaign Uses DOPLUGS to Target Asia
Details | Website | 2024-02-01 | 47 | | VajraSpy: A Patchwork of espionage apps
Details | Website | 2024-01-30 | 109 | | Recent DarkGate Activity & Trends
Details | Website | 2024-01-22 | 5 | | Pulsedive Blog \| Pikabot Rising
Details | Website | 2023-12-06 | 198 | | Russia/Ukraine Update - December 2023
Details | Website | 2023-11-30 | 27 | | AeroBlade on the Hunt Targeting the U.S. Aerospace Industry
Details | Website | 2023-11-19 | 117 | | LitterDrifter: a new USB worm used by the Gamaredon group
Details | Website | 2023-11-17 | 80 | | WinRAR CVE-2023-38831 Vulnerability: Malware Exploits & APT Attacks
Details | Website | 2023-11-13 | 78 | | Don't throw a hissy fit; defend against Medusa
Details | Website | 2023-11-06 | 203 | | SideCopy's Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT - Blogs on Information Technology, Network & Cybersecurity \| Seqrite
Details | Website | 2023-11-06 | 67 | | New Open-Source 'Trap Stealer' Pilfers Data in just 6 Seconds
Details | Website | 2023-11-03 | 106 | | Exploitation of CVE-2023-46604 Leading to Ransomware