MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Execution/ T1047

T1047Windows Management Instrumentation

T1047 — Windows Management Instrumentation is a MITRE ATT&CK technique in the Execution tactic. Clankerusecase tracks 21 detection use cases covering it and 2 threat-intel articles citing it.

Execution

View on the matrix → Filter Detection Library MITRE official spec ↗

21Use cases

2Articles

0Sub-techniques

1Tactic

Use cases covering this technique (21)

Impacket Lateral Movement Commandline Parameters ESCU actions · alerting P Impacket Lateral Movement smbexec CommandLine Parameters ESCU actions · alerting P Impacket Lateral Movement WMIExec Commandline Parameters ESCU actions · alerting P Possible Lateral Movement PowerShell Spawn ESCU actions · hunting P PowerShell Invoke CIMMethod CIMSession ESCU actions · hunting P PowerShell Invoke WmiExec Usage ESCU actions · alerting P Process Execution via WMI ESCU actions · alerting P Remote Process Instantiation via WMI ESCU actions · alerting P Remote Process Instantiation via WMI and PowerShell ESCU actions · alerting P Remote Process Instantiation via WMI and PowerShell Script Block ESCU actions · alerting P Remote WMI Command Attempt ESCU actions · alerting P Script Execution via WMI ESCU actions · alerting P Windows WinRAR Launched Outside Default Installation Directory ESCU actions · hunting P Windows WMI Impersonate Token ESCU actions · hunting P Windows WMI Process And Service List ESCU actions · hunting P Windows WMI Process Call Create ESCU actions · hunting P Windows WMI Reconnaissance Class Query ESCU actions · hunting P WMI Permanent Event Subscription ESCU actions · alerting P WMI Temporary Event Subscription ESCU actions · alerting P Wmiprvse LOLBAS Execution Process Spawn ESCU actions · alerting P Wmiprsve LOLBAS Execution Process Spawn ESCU actions · alerting P

Articles citing this technique (2)

crit Webworm: New burrowing techniques art-240

crit GlassWorm Hides a RAT Inside a Malicious Chrome Extension art-458