Uncommon System Information Discovery Via Wmic.EXE (9d5a1274-922a-49d0-87f3-8c653483b909)
Detects the use of the WMI command-line (WMIC) utility to identify and display various system information, including OS, CPU, GPU, and disk drive names; memory capacity; display resolution; and baseboard, BIOS, and GPU driver products/versions. Some of these commands were used by Aurora Stealer in late 2022/early 2023.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Uncommon System Information Discovery Via Wmic.EXE (9d5a1274-922a-49d0-87f3-8c653483b909) | Sigma-Rules | 1 |