Windows Hotfix Updates Reconnaissance Via Wmic.EXE (dfd2fcb7-8bd5-4daa-b132-5adb61d6ad45)
Detects the execution of wmic with the "qfe" flag to obtain information about installed hotfix updates on the system. This is often used by pentester and attacker enumeration scripts.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | Windows Hotfix Updates Reconnaissance Via Wmic.EXE (dfd2fcb7-8bd5-4daa-b132-5adb61d6ad45) | Sigma-Rules | 1 |