Log Enumeration (T1654)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Log Enumeration

Associated Tactics

  • Discovery

Discovery (TA0007)

The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

View on ATT&CK

Procedure Examples

Description Source(s)
Ian Ahl. (2023, May 22). Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor. Retrieved August 30, 2024. Permiso GUI-Vil 2023
Mandiant Intelligence. (2023, May 16). SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack. Retrieved June 2, 2023. SIM Swapping and Abuse of the Microsoft Azure Serial Console
Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023. Cadet Blizzard emerges as novel threat actor
Ruohonen, S. & Robinson, S. (2023, February 2). No Pineapple! -DPRK Targeting of Medical Research and Technology Sector. Retrieved July 10, 2023. WithSecure Lazarus-NoPineapple Threat Intel Report 2023