Tag
medium
advisory
Service Reconnaissance via WMIC.exe
2 rules 1 TTPAdversaries use WMIC.exe to enumerate running services on remote devices, potentially identifying valuable targets or misconfigured systems.
Windows
attack.execution
attack.t1047
2r
1t
medium
advisory
Service Startup Type Modification via WMIC
2 rules 2 TTPsAdversaries use the Windows Management Instrumentation Command-line (WMIC) utility to modify the startup type of services, setting them to 'Manual' or 'Disabled' to impair defenses or disrupt system operations.
Windows
attack.execution
attack.t1047
attack.defense-evasion
attack.t1562.001
2r
2t