WMI Event Consumers: what are you missing? :: Velociraptor - Digging deeper!
Tags
cmtmf-attack-pattern: Event Triggered Execution
attack-pattern: Data Event Triggered Execution - T1624 Event Triggered Execution - T1546 Powershell - T1059.001 Windows Management Instrumentation Event Subscription - T1546.003 Powershell - T1086 Windows Management Instrumentation Event Subscription - T1084
Show in Graph
Common Information
Type Value
UUID ba2fb098-16e5-47c6-a4ac-f2520d055712
Fingerprint 33d09d5f41f78b86
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Jan. 12, 2022, midnight
Added to db Aug. 31, 2024, 2:05 a.m.
Last updated Oct. 4, 2024, 7:59 p.m.
Headline WMI Event Consumers: what are you missing?
Title WMI Event Consumers: what are you missing? :: Velociraptor - Digging deeper!
Detected Hints/Tags/Attributes 28/2/7
Source URLs
Redirection Url
Details Source https://docs.velociraptor.app/blog/2022/2022-01-12-wmi-eventing/
URL Provider
Details Provider Source level domain
Details velociraptor.app docs.velociraptor.app
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 104 Velociraptor Blog https://docs.velociraptor.app/blog/index.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
system.id
Details Domain 37 
googlegroups.com
Details Domain 35 
www.velocidex.com
Details Email 31 
velociraptor-discuss@googlegroups.com
Details File 15 
windows.sys
Details MITRE ATT&CK Techniques 22 
T1546.003
Details Url 28 
https://www.velocidex.com/discord