Potential Unquoted Service Path Reconnaissance Via Wmic.EXE (68bcd73b-37ef-49cb-95fc-edc809730be6)

Detects a known WMI reconnaissance method that uses wmic to look for unquoted service paths. Often used by pentester and attacker enumeration scripts.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Potential Unquoted Service Path Reconnaissance Via Wmic.EXE (68bcd73b-37ef-49cb-95fc-edc809730be6) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |