Esc
System Information Discovery - T1082
(ATT&CK® Technique)
Definition
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1082["System Information Discovery"] --> |may-access| DecoyArtifact["Decoy Artifact"]; class T1082 OffensiveTechniqueNode;
class DecoyArtifact ArtifactNode; click DecoyArtifact href "/dao/artifact/d3f:DecoyArtifact";
click T1082 href "/offensive-technique/attack/T1082/"; click DecoyArtifact href "/dao/artifact/d3f:DecoyArtifact"; T1082["System Information Discovery"] --> |may-invoke| CreateProcess["Create Process"]; class T1082 OffensiveTechniqueNode;
class CreateProcess ArtifactNode; click CreateProcess href "/dao/artifact/d3f:CreateProcess";
click T1082 href "/offensive-technique/attack/T1082/"; click CreateProcess href "/dao/artifact/d3f:CreateProcess"; ExecutableAllowlisting["Executable Allowlisting"] -->
| filters | CreateProcess["Create Process"];
ExecutableAllowlisting["Executable Allowlisting"] -.->
| may-isolate | T1082["System Information Discovery"] ;
class ExecutableAllowlisting DefensiveTechniqueNode;
class CreateProcess ArtifactNode;
click ExecutableAllowlisting href "/technique/d3f:ExecutableAllowlisting"; ExecutableDenylisting["Executable Denylisting"] -->
| filters | CreateProcess["Create Process"];
ExecutableDenylisting["Executable Denylisting"] -.->
| may-isolate | T1082["System Information Discovery"] ;
class ExecutableDenylisting DefensiveTechniqueNode;
class CreateProcess ArtifactNode;
click ExecutableDenylisting href "/technique/d3f:ExecutableDenylisting"; Hardware-basedProcessIsolation["Hardware-based Process Isolation"] -->
| restricts | CreateProcess["Create Process"];
Hardware-basedProcessIsolation["Hardware-based Process Isolation"] -.->
| may-isolate | T1082["System Information Discovery"] ;
class Hardware-basedProcessIsolation DefensiveTechniqueNode;
class CreateProcess ArtifactNode;
click Hardware-basedProcessIsolation href "/technique/d3f:Hardware-basedProcessIsolation"; SystemCallFiltering["System Call Filtering"] -->
| filters | CreateProcess["Create Process"];
SystemCallFiltering["System Call Filtering"] -.->
| may-isolate | T1082["System Information Discovery"] ;
class SystemCallFiltering DefensiveTechniqueNode;
class CreateProcess ArtifactNode;
click SystemCallFiltering href "/technique/d3f:SystemCallFiltering"; SystemCallAnalysis["System Call Analysis"] -->
| analyzes | CreateProcess["Create Process"];
SystemCallAnalysis["System Call Analysis"] -.->
| may-detect | T1082["System Information Discovery"] ;
class SystemCallAnalysis DefensiveTechniqueNode;
class CreateProcess ArtifactNode;
click SystemCallAnalysis href "/technique/d3f:SystemCallAnalysis"; ProcessSpawnAnalysis["Process Spawn Analysis"] -->
| analyzes | CreateProcess["Create Process"];
ProcessSpawnAnalysis["Process Spawn Analysis"] -.->
| may-detect | T1082["System Information Discovery"] ;
class ProcessSpawnAnalysis DefensiveTechniqueNode;
class CreateProcess ArtifactNode;
click ProcessSpawnAnalysis href "/technique/d3f:ProcessSpawnAnalysis"; DecoyEnvironment["Decoy Environment"] -->
| manages | DecoyArtifact["Decoy Artifact"];
DecoyEnvironment["Decoy Environment"] -.->
| may-deceive | T1082["System Information Discovery"] ;
class DecoyEnvironment DefensiveTechniqueNode;
class DecoyArtifact ArtifactNode;
click DecoyEnvironment href "/technique/d3f:DecoyEnvironment";