APT Chained WMIC Reconnaissance Detection

Detects suspicious chained use of wmic.exe by APT actors for system reconnaissance: hardware inventory, user accounts, running processes, and network configuration. Filters out legitimate parent processes such as WmiPrvSE and msiexec to reduce false positives.
