T1010 - Application Window Discovery
Tactics:
Discovery
Discovery
Platforms:
Linux Windows macOS
Linux Windows macOS
Detection:
Not specified
Not specified
Description:
Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.(Citation: Prevailion DarkWatchman 2021) For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ([Security Software Discovery](https://attack.mitre.org/techniques/T1518/001)) to evade.(Citation: ESET Grandoreiro April 2020)
Adversaries typically abuse system features for this type of enumeration. For example, they may gather information through native system features such as [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059) commands and [Native API](https://attack.mitre.org/techniques/T1106) functions.
Adversaries typically abuse system features for this type of enumeration. For example, they may gather information through native system features such as [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059) commands and [Native API](https://attack.mitre.org/techniques/T1106) functions.
Used by Actors (3)
Malware (20)
PowerDuke other
PAKLOG other
TONESHELL other
NETWIRE other
Aria-body other
DUSTTRAP other
Machete other
InvisiMole other
WINERACK other
Kazuar other
Flagpro other
ROKRAT other
DarkWatchman other
Duqu other
DarkGate other
Metamorfo other
Trojan.Karagany other
Catchamas other
Attor other
NightClub other
Metadata
| MITRE ID: | T1010 |
| STIX ID: | attack-pattern--4ae4f953-fe58-... |
| Platforms: | Linux, Windows, macOS |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |