System Information Discovery (T1082)


Technique & Subtechniques

  • System Information Discovery

Associated Tactics

  • Discovery

Discovery (TA0007)

The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

Procedure Examples

Description | Source(s)
Amazon. (n.d.). describe-instance-information. Retrieved March 3, 2020. | Amazon Describe Instance
Google. (n.d.). Rest Resource: instance. Retrieved March 3, 2020. | Google Instances Resource
Microsoft. (2019, March 1). Virtual Machines - Get. Retrieved October 8, 2019. | Microsoft Virtual Machine API
Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved August 23, 2021. | 20 macOS Common Tools and Techniques
Phil Stokes. (2018, September 20). On the Trail of OSX.FairyTale | Adware Playing at Malware. Retrieved August 24, 2021. | OSX.FairyTale
US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020. | US-CERT-TA18-106A