WMI
Windows management instrumentation (WMI) is a tool that is implemented as a service to locally and remotely manages data, operations and configuring settings on windows operating systems.
WMI allows the administrator to see how the Operating system operates, what are its configurations and properties and to automatically collect a systems hardware and software data.
Malware/Threat actors
Preventions
<Mitigation techniques>
Detections
- Create a list of systems that will be used by IT to remotely administrate machines. Monitor network connections using WMI that are not within this list.
- Apply an algorithm on machines doing one-to-many connections in a specified time window using WMI.
Toolkit
<Toolkit instructions, if applicable>