Software Discovery: Backup Software Discovery (T1518.002)
Tactic: Discovery · Platforms: Windows, macOS, Linux
The interactive view maps 1 detection strategy, 1 threat group to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Software Discovery (T1518).
Overview
Adversaries may attempt to get a listing of backup software or configurations that are installed on a system. Adversaries may use this information to shape follow-on behaviors, such as Data Destruction, Inhibit System Recovery, or Data Encrypted for Impact.
Commands that can be used to obtain security software information are netsh, `reg query` with Reg, `dir` with cmd, and Tasklist, but other indicators of discovery behavior may be more specific to the type of software or security system the adversary is looking for, such as Veeam, Acronis, Dropbox, or Paragon.