T1010: Application Window Discovery

View on MITRE ATT&CK T1010
Tactic(s) Discovery

Data from MITRE ATT&CK®:

Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.(Citation: Prevailion DarkWatchman 2021) For example, information about application windows could be used identify potential data to collect as well as identifying security tooling (Security Software Discovery) to evade.(Citation: ESET Grandoreiro April 2020)

Adversaries typically abuse system features for this type of enumeration. For example, they may gather information through native system features such as Command and Scripting Interpreter commands and Native API functions.

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Reporting on this Technique

Report

APT40 Advisory - PRC MSS tradecraft in action

This advisory, authored by the Australian Cyber Security Centre and multiple other international cybersecurity agencies, outlines the threat posed ...

View Source
Report

GhostSec’s joint ransomware operation and evolution of their arsenal

This Threat Spotlight from Cisco Talos describes the evolution of GhostSec's ransomware operations including their work with the Stormous ...

View Source
Report

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Following an initial advisory issued in May 2023, this advisory from CISA, NSA and partners outlines information on the broader campaign of cyber ...

View Source

How to detect this technique

MITRE ATT&CK Data Components

Control Validation Tests for this Technique

Use Atomic Red Team tests to test your defenses against this technique.

Sigma Detections for this Technique