Skip to content

Hide Navigation Hide TOC

Potential Product Class Reconnaissance Via Wmic.EXE (e568650b-5dcd-4658-8f34-ded0b1e13992)

Detects the execution of WMIC in order to get a list of firewall, antivirus and antispywware products. Adversaries often enumerate security products installed on a system to identify security controls and potential ways to evade detection or disable protection mechanisms. This information helps them plan their next attack steps and choose appropriate techniques to bypass security measures.

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Potential Product Class Reconnaissance Via Wmic.EXE (e568650b-5dcd-4658-8f34-ded0b1e13992) Sigma-Rules 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Potential Product Class Reconnaissance Via Wmic.EXE (e568650b-5dcd-4658-8f34-ded0b1e13992) Sigma-Rules 1