Enumeration of System Information

System information enumeration and discovery via built-in tools.

id: 6a1247d5-8b8a-4a5c-8d35-dd9ef220e7d1
categories: enrich
confidence: low
os: linux
created: 7/26/2019
updated: 7/26/2019

MITRE ATT&CK™ Mapping

tactics: Discovery
techniques: T1082 System Information Discovery

Query

process where subtype.create and (
  process_name == "uname" or (
    process_name in ("cat", "more", "less") and
    wildcard(command_line,
             "* /etc/issue*",    "* /proc/version*", "* /etc/profile*",
             "* /etc/services*", "* /proc/cpuinfo*")
  )
)
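
The query's matching logic replayed in Python over constructed process events, as an added example that is not part of the original analytic. The `event_type` key, the helper names, and case-insensitive whole-string wildcard matching are assumptions.

```python
import re

# Patterns and process names copied from the query above.
PATTERNS = ("* /etc/issue*", "* /proc/version*", "* /etc/profile*",
            "* /etc/services*", "* /proc/cpuinfo*")
READERS = {"cat", "more", "less"}

def wildcard(value, *patterns):
    """True if value matches any pattern; '*' is the only metacharacter."""
    # Assumption: matching is case-insensitive and spans the whole string.
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL):
            return True
    return False

def matches(event):
    """Process creation of uname, or cat/more/less reading a listed file."""
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    name = event.get("process_name", "").lower()
    if name == "uname":
        return True
    return name in READERS and wildcard(event.get("command_line", ""), *PATTERNS)

def ev(subtype, process_name, command_line):
    """Build a constructed event; the 'event_type' key is an assumed schema detail."""
    return {"event_type": "process", "subtype": subtype,
            "process_name": process_name, "command_line": command_line}

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ev("create", "uname", "uname -a"),
    ev("create", "cat", "cat /etc/issue"),
    ev("create", "less", "less /proc/cpuinfo"),
    ev("create", "more", "more /etc/profile.d/lang.sh"),  # trailing * also covers this
    ev("create", "cat", "cat /var/log/syslog"),           # file not in the list
    ev("create", "ls", "ls -l /etc/issue"),               # process name not in the list
    ev("terminate", "uname", "uname -a"),                 # not a creation event
]

def hits(events):
    """Command lines of the events the rule would flag."""
    return [e["command_line"] for e in events if matches(e)]

if __name__ == "__main__":
    print("\n".join(hits(SAMPLE_EVENTS)))
```

The fourth event shows how the trailing `*` widens each pattern to sibling paths, which fits the analytic's low confidence and its `enrich` category.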

Contributors