

OSInfo is a custom tool used by APT3 to do internal discovery on a victim's computer and network. [1]

ID: S0165
Aliases: OSInfo
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1087 | Account Discovery | OSInfo enumerates local and domain users [1] |
| Enterprise | T1135 | Network Share Discovery | OSInfo discovers shares on the network [1] |
| Enterprise | T1069 | Permission Groups Discovery | OSInfo specifically looks for Domain Admins, Power Users, and the Administrators groups within the domain and locally [1] |
| Enterprise | T1012 | Query Registry | OSInfo queries the registry to look for information about Terminal Services. [1] |
| Enterprise | T1018 | Remote System Discovery | OSInfo performs a connection test to discover remote systems in the network [1] |
| Enterprise | T1082 | System Information Discovery | OSInfo discovers information about the infected machine. [1] |
| Enterprise | T1016 | System Network Configuration Discovery | OSInfo discovers the current domain information. [1] |
| Enterprise | T1049 | System Network Connections Discovery | OSInfo enumerates the current network connections similar to net use. [1] |


Groups that use this software: