セキュリティ研究者がラボ環境でマルウェアを実行したところ、EDR ツールから次のコマンドが実行されていることが分かりました。

このコマンドは、次の MITRE ATT&CK TTP のどれに関連付けられていますか? (2 つ選択してください)。
正解:B,E
OS credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. System information discovery is the process of gathering information about the system, such as hostname, IP address, OS version, running processes, etc. Both of these techniques are commonly used by adversaries to gain access to sensitive data and resources on the target system. The command shown in the image is using Mimikatz, a tool that can dump credentials from memory, and also querying the system information using WMIC. Verified References:
https://attack.mitre.org/techniques/T1003/
https://attack.mitre.org/techniques/T1082/
https://github.com/gentilkiwi/mimikatz
https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmic