System Information Discovery¶

Detect enumeration of Windows system information via systeminfo.exe

id:	4b9c2df7-87e2-4bbc-9123-9779ecb2dbf2
categories:	hunt
confidence:	medium
os:	windows
created:	11/30/2018
updated:	11/30/2018

MITRE ATT&CK™ Mapping¶

tactics:	Discovery
techniques:	T1082 System Information Discovery

Query¶

process where subtype.create and process_name == "systeminfo.exe"
| unique user_name, command_line

Detonation¶

Atomic Red Team: T1082

Contributors¶

Endgame

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.