T1082

System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use this information to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. This behavior is distinct from [Local Storage Discovery](https://attack.mitre.org/techniques/T1680) which is an adversary's discovery of local drive, disks and/or volumes...

ESXiIaaSLinuxmacOSNetwork DevicesWindows

Detections

Sources

Threat Actors

BY SOURCE

33elastic31sigma16splunk_escu

PROCEDURES (37)

Process Creation Monitoring10 detections

Auto-extracted: 10 detections for process creation monitoring

General Monitoring8 detections

Auto-extracted: 8 detections for general monitoring

Exfiltrat4 detections

Auto-extracted: 4 detections for exfiltrat

Container3 detections

Auto-extracted: 3 detections for container

Network Connection Monitoring3 detections

Auto-extracted: 3 detections for network connection monitoring

Container3 detections

Auto-extracted: 3 detections for container

Wmi3 detections

Auto-extracted: 3 detections for wmi

Kernel3 detections

Auto-extracted: 3 detections for kernel

Kernel3 detections

Auto-extracted: 3 detections for kernel

Unusual3 detections

Auto-extracted: 3 detections for unusual

Persist2 detections

Auto-extracted: 2 detections for persist

Kernel2 detections

Auto-extracted: 2 detections for kernel

Persist2 detections

Auto-extracted: 2 detections for persist

Remote2 detections

Auto-extracted: 2 detections for remote

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Wmi2 detections

Auto-extracted: 2 detections for wmi

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Child Process2 detections

Auto-extracted: 2 detections for child process

Unusual2 detections

Auto-extracted: 2 detections for unusual

Registry2 detections

Auto-extracted: 2 detections for registry

Lateral1 detections

Auto-extracted: 1 detections for lateral

Privilege1 detections

Auto-extracted: 1 detections for privilege

Cloud1 detections

Auto-extracted: 1 detections for cloud

Azure1 detections

Auto-extracted: 1 detections for azure

Wmi1 detections

Auto-extracted: 1 detections for wmi

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Privilege1 detections

Auto-extracted: 1 detections for privilege

Remote1 detections

Auto-extracted: 1 detections for remote

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Service1 detections

Auto-extracted: 1 detections for service

Powershell1 detections

Auto-extracted: 1 detections for powershell

Lateral1 detections

Auto-extracted: 1 detections for lateral

Cloud1 detections

Auto-extracted: 1 detections for cloud

Powershell1 detections

Auto-extracted: 1 detections for powershell

Credential1 detections

Auto-extracted: 1 detections for credential

Wmi1 detections

Auto-extracted: 1 detections for wmi

Wmi1 detections

Auto-extracted: 1 detections for wmi

DETECTIONS (80)

Bitbucket User Details Export Attempt Detected

System Information Discovery

BY SOURCE

PROCEDURES (37)

THREAT ACTORS (55)

DETECTIONS (80)