Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Adversaries may attempt to enumerate software for a variety of reasons, such as figuring out what security measures are present or if the compromised system has a version of software that is vulnerable to Exploitation for Privilege Escalation.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CVE-2016-3351 | n/a | uncategorized | T1518 | Software Discovery |
| action.hacking.variety.Footprinting | Footprinting and fingerprinting | related-to | T1518 | Software Discovery |
| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1518.001 | Security Software Discovery | 2 |