Service Reconnaissance Via Wmic.EXE (76f55eaa-d27f-4213-9d45-7b0e4b60bbae)
An adversary might use WMI to check if a certain remote service is running on a remote device. When the test completes, a service information will be displayed on the screen if it exists. A common feedback message is that "No instance(s) Available" if the service queried is not running. A common error message is "Node - (provided IP or default) ERROR Description =The RPC server is unavailable" if the provided remote host is unreachable
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Service Reconnaissance Via Wmic.EXE (76f55eaa-d27f-4213-9d45-7b0e4b60bbae) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |