Potential Product Class Reconnaissance Via Wmic.EXE (e568650b-5dcd-4658-8f34-ded0b1e13992)
Detects the execution of WMIC in order to get a list of firewall and antivirus products
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Product Class Reconnaissance Via Wmic.EXE (e568650b-5dcd-4658-8f34-ded0b1e13992) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |