Description

The Process Enumeration feature in malware provides attackers with a detailed inventory of all running processes on a compromised system. This is the digital equivalent of a burglar quietly taking stock of valuables in a home. By cataloging active processes, the malware gains insights into the software environment, including potential vulnerabilities and operational characteristics of the target system. This information can be invaluable for escalating privileges, inserting additional payloads, or avoiding detection by identifying security software that may be running. Process Enumeration thereby serves as a crucial intelligence-gathering step, arming attackers with the necessary data to tailor their subsequent actions for maximum impact and minimum detection.

Existing Techniques

Name	Associated Feature(s)	Has Snippet	Matching Sample
Loaded Modules Enumeration	Process Manager		0
Process Dump	Process Manager, Password Recovery		0
Process Information Gathering	Process Manager		0
Running Process Enumeration	Process Manager		0

Associated with Releases

Version	Origins	Authors	Languages	Release Date
Back Orifice 1.20	United States 🇺🇸	Cult of the Dead Cow (cDc)	C++	Jul, 1998
NetBus 1.70	Sweden 🇸🇪	cf	Delphi	Nov, 1998
SubSeven 1.0	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Feb, 1999
SubSeven 1.1	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 1999
SubSeven 1.2	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 1999
SubSeven 1.3	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 1999
SubSeven 1.4	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 1999
SubSeven 1.5	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Apr, 1999
SubSeven 1.6	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Apr, 1999
SubSeven 1.7	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	May, 1999
SubSeven 1.8	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	May, 1999
SubSeven 1.9	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Jun, 1999
Back Orifice 2000 (BO2K) 1.0	United States 🇺🇸	Cult of the Dead Cow (cDc)	C++	Jul, 1999
SubSeven 1.9 Apocalypse	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Aug, 1999
SubSeven 2.0	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Sep, 1999
SchoolBus 2.0	Turkey 🇹🇷	Serdar Kabaoglu	Delphi	Oct, 1999
SubSeven 2.1	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Nov, 1999
SubSeven 2.1.1 GOLD edition	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Feb, 2000
SubSeven 2.1.2 M.U.I.E	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Apr, 2000
Y3K rat 1.0	Greece 🇬🇷	firelarm , Chucky	Delphi	May, 2000
SubSeven 2.1.3 BONUS	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Jun, 2000
SubSeven 2.1.4 DEFCON 8	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Jul, 2000
Y3K rat 1.5	Greece 🇬🇷	firelarm , Chucky	Delphi	Jan, 2001
SubSeven 2.2	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 2001
Y3K rat 1.6 MS	Greece 🇬🇷	firelarm , Chucky	Delphi	Jul, 2001
Optix Pro 1.0	Unknown 🏴‍☠️	s13az3	Delphi	Apr, 2002
Net-Devil 1.5	Unknown 🏴‍☠️	Nilez	Delphi	Jul, 2002
Ghost 2.4	Israel 🇮🇱	Lame_Joker	Visual Basic 6 (VB6)	Sep, 2002
Beast 1.7	Romania 🇷🇴	Tataye	Delphi	Oct, 2002
Beast 1.8	Romania 🇷🇴	Tataye	Delphi	Nov, 2002
MoSucker 3.0b	Germany 🇩🇪	Superchachi	Visual Basic 6 (VB6)	Nov, 2002
Beast 1.90	Romania 🇷🇴	Tataye	Delphi	Dec, 2002
Turkojan 1.0	Turkey 🇹🇷	Fungus	Delphi	Jan, 2003
Beast 1.91	Romania 🇷🇴	Tataye	Delphi	Jan, 2003
Beast 1.92	Romania 🇷🇴	Tataye	Delphi	Feb, 2003
SubSeven 2.1.5 Legends	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Feb, 2003
CIA 1.0	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Mar, 2003
CIA 1.1	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Apr, 2003
Beast 2.00	Romania 🇷🇴	Tataye	Delphi	May, 2003
Beast 2.01	Romania 🇷🇴	Tataye	Delphi	Jun, 2003
LanFiltrator 1.1 Fix 1	Australia 🇦🇺	Read101	Delphi	Aug, 2003
Optix Pro 1.32	Unknown 🏴‍☠️	s13az3 , xMs	Delphi	Sep, 2003
CIA 1.2	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Sep, 2003
Beast 2.05	Romania 🇷🇴	Tataye	Delphi	Sep, 2003
Beast 2.02	Romania 🇷🇴	Tataye	Delphi	Sep, 2003
Sinique 1.0	Unknown 🏴‍☠️	xtremeNTL	Delphi	Oct, 2003
Fearless Lite 1.01	Australia 🇦🇺, France 🇫🇷	Read101 , Triforce	Delphi	Nov, 2003
ProRat 1.1	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Jan, 2004
Hue 1.0	Unknown 🏴‍☠️	B33T	Visual Basic 6 (VB6)	Jan, 2004
ProRat 1.2	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Jan, 2004