T1010Techniquediscoveryagent-callable

T1010Application Window Discovery

Platforms: macOS · Windows · Linux

ATT&CK version: 14.1

What it is

Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.(Citation: Prevailion DarkWatchman 2021) For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ([Security Software Discovery](https://attack.mitre.org/techniques/T1518/001)) to evade.(Citation: ESET Grandoreiro April 2020) Adversaries typically abuse system features for this type of enumeration. For example, they may gather information through native system features such as [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059) commands and [Native API](https://attack.mitre.org/techniques/T1106) functions.

ATT&CK tactics· 1

Discovery

References

  1. https://attack.mitre.org/techniques/T1010
  2. https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/
  3. https://www.prevailion.com/darkwatchman-new-fileless-techniques/
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.