Computer System Reconnaissance Via Wmic.EXE (9d7ca793-f6bd-471c-8d0f-11e68b2f0d2f)
Detects execution of wmic utility with the "computersystem" flag in order to obtain information about the machine such as the domain, username, model, etc.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Computer System Reconnaissance Via Wmic.EXE (9d7ca793-f6bd-471c-8d0f-11e68b2f0d2f) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |