|Enterprise||T1087||.001||Account Discovery: Local Account|
|Enterprise||T1071||.001||Application Layer Protocol: Web Protocols|
|Enterprise||T1083||File and Directory Discovery||
GeminiDuke collects information from the victim, including installed drivers, programs previously executed by users, programs and services configured to automatically run at startup, files and folders present in any user's home folder, files and folders present in any user's My Documents, programs installed to the Program Files folder, and recently accessed files, folders, and programs.
|Enterprise||T1016||System Network Configuration Discovery|
|Enterprise||T1007||System Service Discovery|