T1082

System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use this information to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. This behavior is distinct from [Local Storage Discovery](https://attack.mitre.org/techniques/T1680) which is an adversary's discovery of local drive, disks and/or volumes...

ESXiIaaSLinuxmacOSNetwork DevicesWindows

Detections

Sources

Threat Actors

BY SOURCE

36elastic33sigma17splunk_escu

PROCEDURES (41)

Process Creation Monitoring10 detections

Auto-extracted: 10 detections for process creation monitoring

General Monitoring7 detections

Auto-extracted: 7 detections for general monitoring

Network Connection Monitoring3 detections

Auto-extracted: 3 detections for network connection monitoring

Kernel3 detections

Auto-extracted: 3 detections for kernel

Container3 detections

Auto-extracted: 3 detections for container

Driver2 detections

Auto-extracted: 2 detections for driver

Privilege2 detections

Auto-extracted: 2 detections for privilege

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Child Process2 detections

Auto-extracted: 2 detections for child process

Unusual2 detections

Auto-extracted: 2 detections for unusual

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Wmi2 detections

Auto-extracted: 2 detections for wmi

Persist2 detections

Auto-extracted: 2 detections for persist

Azure2 detections

Auto-extracted: 2 detections for azure

Remote2 detections

Auto-extracted: 2 detections for remote

Kernel2 detections

Auto-extracted: 2 detections for kernel

Registry2 detections

Auto-extracted: 2 detections for registry

Container2 detections

Auto-extracted: 2 detections for container

Kernel2 detections

Auto-extracted: 2 detections for kernel

Wmi2 detections

Auto-extracted: 2 detections for wmi

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Unusual1 detections

Auto-extracted: 1 detections for unusual

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Remote1 detections

Auto-extracted: 1 detections for remote

Wmi1 detections

Auto-extracted: 1 detections for wmi

Lateral1 detections

Auto-extracted: 1 detections for lateral

Dump1 detections

Auto-extracted: 1 detections for dump

Dump1 detections

Auto-extracted: 1 detections for dump

Powershell1 detections

Auto-extracted: 1 detections for powershell

Credential1 detections

Auto-extracted: 1 detections for credential

Wmi1 detections

Auto-extracted: 1 detections for wmi

Lateral1 detections

Auto-extracted: 1 detections for lateral

Wmi1 detections

Auto-extracted: 1 detections for wmi

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Privilege1 detections

Auto-extracted: 1 detections for privilege

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Service1 detections

Auto-extracted: 1 detections for service

Lateral1 detections

Auto-extracted: 1 detections for lateral

Credential1 detections

Auto-extracted: 1 detections for credential

Credential1 detections

Auto-extracted: 1 detections for credential

Dump1 detections

Auto-extracted: 1 detections for dump

DETECTIONS (86)

Bitbucket User Details Export Attempt Detected

System Information Discovery

BY SOURCE

PROCEDURES (41)

THREAT ACTORS (57)

DETECTIONS (86)