
OSInfo

OSInfo is a custom tool used by APT3 to do internal discovery on a victim's computer and network. [1]

ID: S0165
Type: MALWARE
Platforms: Windows
Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1087 | Account Discovery | OSInfo enumerates local and domain users [1] |
| Enterprise | T1135 | Network Share Discovery | OSInfo discovers shares on the network [1] |
| Enterprise | T1069 | Permission Groups Discovery | OSInfo specifically looks for Domain Admins, Power Users, and the Administrators groups within the domain and locally [1] |
| Enterprise | T1012 | Query Registry | OSInfo queries the registry to look for information about Terminal Services. [1] |
| Enterprise | T1018 | Remote System Discovery | OSInfo performs a connection test to discover remote systems in the network [1] |
| Enterprise | T1082 | System Information Discovery | OSInfo discovers information about the infected machine. [1] |
| Enterprise | T1016 | System Network Configuration Discovery | OSInfo discovers the current domain information. [1] |
| Enterprise | T1049 | System Network Connections Discovery | OSInfo enumerates the current network connections similar to net use. [1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0022 | APT3 | [1] |

References