Hardware Model Reconnaissance Via Wmic.EXE (3e3ceccd-6c06-48b8-b5ff-ab1d25db8c1d)
Detects the execution of WMIC with the "csproduct" which is used to obtain information such as hardware models and vendor information
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | Hardware Model Reconnaissance Via Wmic.EXE (3e3ceccd-6c06-48b8-b5ff-ab1d25db8c1d) | Sigma-Rules | 1 |