System Owner or User Discovery - Linux (9a0d8ca0-2385-4020-b6c6-cb6153ca56f3)
Detects the execution of host or user discovery utilities such as "whoami", "hostname", "id", etc. Adversaries may use the information from System Owner/User Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | System Owner or User Discovery - Linux (9a0d8ca0-2385-4020-b6c6-cb6153ca56f3) | Sigma-Rules | 1 |