Software Discovery (T1518)

Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions. Adversaries may attempt to enumerate software for a variety of reasons, such as figuring out what security measures are present or if the compromised system has a version of software that is vulnerable to Exploitation for Privilege Escalation.

Source: https://github.com/mitre/cti
Related Prelude attack chains
Release Date (Newest)
Filterfilter
Search for chains, TTPs, themes, and text

Browse By:

Platforms

  • All
  • Windows
  • Darwin
  • Linux
  • Global
  • Android

Themes

Tags

Licenses

GTsST Iron Viking AWFULSHRED

2022-06-22

/static/assets/linux-logo.svg
SSH worm which installs a wiper on the machine it has infected
GTsST Sandworm Team

2022-06-07

/static/assets/linux-logo.svg
Emulate Sandworm privileged persistence from a campaign targeting Centreon systems
Android ADB Shell

2021-12-07

/static/assets/android-logo.svg
A first collection of TTPs for Android specifically targeting ADB shell commands
B1-66ER (Discovery)

2021-10-12

/static/assets/linux-logo.svg
Perform discovery techniques to determine if an agent has access to a ML/DL environment.
Baron Samedit (Persistence)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to create a persistence user.
Baron Samedit (Spawn Agent)

2021-08-10

/static/assets/linux-logo.svg
Leverage a Heap-Based Buffer Overflow in Sudo to spawn an elevated agent.