Skip to content

Hide Navigation Hide TOC

System Disk And Volume Reconnaissance Via Wmic.EXE (c79da740-5030-45ec-a2e0-479e824a562c)

An adversary might use WMI to discover information about the system, such as the volume name, size, free space, and other disk information. This can be done using the 'wmic' command-line utility and has been observed being used by threat actors such as Volt Typhoon.

Cluster A Galaxy A Cluster B Galaxy B Level
System Disk And Volume Reconnaissance Via Wmic.EXE (c79da740-5030-45ec-a2e0-479e824a562c) Sigma-Rules Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 1
System Disk And Volume Reconnaissance Via Wmic.EXE (c79da740-5030-45ec-a2e0-479e824a562c) Sigma-Rules System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1