Process Reconnaissance Via Wmic.EXE (221b251a-357a-49a9-920a-271802777cc0)
Detects the execution of "wmic" with the "process" flag, which adversary might use to list processes running on the compromised host or list installed software hotfixes and patches.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | Process Reconnaissance Via Wmic.EXE (221b251a-357a-49a9-920a-271802777cc0) | Sigma-Rules | 1 |