ATT&CK-CN V1.01 Last Update: 2019-11

Translators: 林妙倩, 戴亦仑. This is an original translation; please obtain the translators' consent before reposting.

Data source: ATT&CK Matrices


Glossary: /attack/glossary


Adversaries may attempt to get a listing of non-security related software that is installed on the system. Adversaries may use the information from Software Discovery (T1518) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.


ID: T1518

Tactic: Discovery

Platform: Linux, macOS, Windows

Permissions Required: User, Administrator



| Name | Description |
| --- | --- |
| Orz (S0229) | Orz (S0229) can gather the victim's Internet Explorer version. |



This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.



System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as lateral movement, based on the information obtained.

Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation (T1047) and PowerShell (T1086).
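The monitoring guidance above, as an added example (not part of the original page or of ATT&CK): a Python check that flags software-listing command lines in process-creation events and records whether other discovery commands from the same host and user fall within five minutes, so the event is read as part of a chain rather than in isolation. The command patterns, the `time|host|user|command line` log format, the window and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed patterns (not from the page): common ways installed software is listed.
SOFTWARE_DISCOVERY = [
    re.compile(r"\bwmic(\.exe)?\b.*\bproduct\b", re.I),
    re.compile(r"\bGet-(WmiObject|CimInstance)\b.*\bWin32_Product\b", re.I),
    re.compile(r"\breg(\.exe)?\s+query\b.*\\Uninstall\b", re.I),
    re.compile(r"\b(dpkg\s+(-l|--list)|rpm\s+-qa)\b", re.I),
    re.compile(r"\bsystem_profiler\b.*\bSPApplicationsDataType\b", re.I),
]
# Assumed patterns for other system and network discovery commands.
OTHER_DISCOVERY = re.compile(
    r"\b(whoami|systeminfo|ipconfig|ifconfig|tasklist|net\s+view|uname\s+-a)\b", re.I)
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample process-creation events: time|host|user|command line
SAMPLE_EVENTS = """\
2019-11-04T10:00:05|WS01|alice|whoami /all
2019-11-04T10:00:40|WS01|alice|systeminfo
2019-11-04T10:01:10|WS01|alice|wmic product get name,version
2019-11-04T10:02:00|WS01|alice|net view
2019-11-04T11:30:00|SRV02|patchsvc|rpm -qa
2019-11-04T12:00:00|WS03|bob|notepad.exe report.txt
"""

def parse(text):
    """Yield (timestamp, host, user, command) tuples, skipping malformed lines."""
    for line in text.splitlines():
        if line.count("|") < 3:
            continue
        ts, host, user, cmd = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, user, cmd

def find_software_discovery(text):
    """Flag software-listing commands and attach nearby discovery activity."""
    by_actor = defaultdict(list)
    for ts, host, user, cmd in parse(text):
        by_actor[(host, user)].append((ts, cmd))
    findings = []
    for (host, user), events in by_actor.items():
        for ts, cmd in events:
            if not any(p.search(cmd) for p in SOFTWARE_DISCOVERY):
                continue
            nearby = [c for t, c in events
                      if abs(t - ts) <= WINDOW and OTHER_DISCOVERY.search(c)]
            findings.append({"host": host, "user": user, "command": cmd,
                             "context": nearby,
                             "verdict": "chain" if len(nearby) >= 2 else "isolated"})
    return findings
```

On the constructed sample, the `wmic` event on WS01 is reported as part of a chain with three nearby discovery commands, while the `rpm -qa` event on SRV02 is reported as isolated, which is what a routine inventory or patching job typically looks like.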