T1518.001
Security Software Discovery
Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as cloud monitoring agents and anti-virus. Adversaries may use the information from [Security Software Discovery](https://attack.mitre.org/techniques/T1518/001) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specifi...
IaaS, Linux, macOS, Windows
8 Detections, 2 Sources, 27 Threat Actors
BY SOURCE
sigma: 7, elastic: 1
PROCEDURES (2)
Process Creation Monitoring: 6 detections
Auto-extracted: 6 detections for process creation monitoring
Script Execution Monitoring: 2 detections
Auto-extracted: 2 detections for script execution monitoring
THREAT ACTORS (27)
DETECTIONS (8)
Security Software Discovery - Linux (sigma, low)
Security Software Discovery - MacOs (sigma, medium)
Security Software Discovery via Grep (elastic, medium)
Security Software Discovery Via Powershell Script (sigma, medium)
Security Tools Keyword Lookup Via Findstr.EXE (sigma, medium)
Sysmon Discovery Via Default Driver Altitude Using Findstr.EXE (sigma, high)
System Integrity Protection (SIP) Disabled (sigma, medium)
System Integrity Protection (SIP) Enumeration (sigma, low)