Home/ MITRE Matrix/ Discovery/ T1057

T1057Process Discovery

T1057 — Process Discovery is a MITRE ATT&CK technique in the Discovery tactic. Clankerusecase tracks 4 detection use cases covering it and 6 threat-intel articles citing it.

Discovery

View on the matrix → Filter Detection Library MITRE official spec ↗

4Use cases

6Articles

0Sub-techniques

1Tactic

Use cases covering this technique (4)

Windows Process Commandline Discovery ESCU actions · hunting P [LLM] Cross-platform memory scraping of GitHub Actions Runner.Worker process Bespoke actions · hunting DSPDDCS [LLM] GitHub Actions Runner.Worker process-memory secret scraping (Miasma payload) Bespoke actions · alerting DSΣPDDCS [LLM] nezha-agent spawning credential-access shell commands on Linux (post-RCE) Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (6)

high Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter art-78

crit Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign art-139

crit [GHSA / CRITICAL] CVE-2026-46716: Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron art-213

crit FrostyNeighbor: Fresh mischief and digital shenanigans art-309

crit PlushDaemon compromises network devices for adversary-in-the-middle attacks art-695

crit Gotta fly: Lazarus targets the UAV sector art-734