We're updating the issue view to help you get more done. 

Windows Management Instrumentation

Description

Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) (Citation: Wikipedia SMB) and Remote Procedure Call Service (RPCS) (Citation: TechNet RPC) for remote access. RPCS operates over port 135. (Citation: MSDN WMI)

An adversary can use WMI to interact with local and remote systems and use it as a means to perform many tactic functions, such as gathering information for Discovery and remote Execution of files as part of Lateral Movement. (Citation: FireEye WMI 2015)

id

T1047

tactic

execution

datasources

Process command-line parameters
Process monitoring
Authentication logs
Netflow/Enclave netflow

maturity

Not Tracked

Assignee

Unassigned
Configure