Common Information

Value: System Network Configuration Discovery - T1016
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
Misp Type: Cluster
Description: Adversaries will likely look for details about the network configuration and settings of the systems they access, or gather the same details about remote systems through information discovery. Several operating system administration utilities exist that can be used to gather this information; examples include arp, ipconfig/ifconfig, nbtstat, and route.

Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.

Platforms: Linux, macOS, Windows
Data Sources: Process command-line parameters, Process monitoring
Permissions Required: User
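The detection guidance above says two things: watch process command lines for the discovery utilities, and judge them as a chain rather than one event at a time. The following Python is an added example, not part of this MISP record or of MITRE's text, showing one way to do both over process-creation telemetry. The sample events are constructed, the PowerShell cmdlet list, the 10-minute window and the threshold of three distinct utilities are assumptions of this example, and only the binaries named in the description (arp, ipconfig/ifconfig, nbtstat, route) are taken from the record itself.

```python
"""Chain-of-behavior detection for T1016 (System Network Configuration Discovery).

Added example; not part of the MISP cluster record. It tags process-creation
events that invoke network-configuration utilities and alerts only when one
host/user pair runs several distinct utilities inside a short window, so a
single 'ipconfig' from a helpdesk user does not page anyone.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Utilities named in the technique description, keyed by normalized image name.
DISCOVERY_BINARIES = {"arp", "ipconfig", "ifconfig", "nbtstat", "route"}

# PowerShell cmdlets that return the same information. Assumption of this
# example: the list is ours; the cmdlets themselves are real NetTCPIP cmdlets.
DISCOVERY_CMDLETS = {"get-netipconfiguration", "get-netroute", "get-netneighbor"}

WINDOW = timedelta(minutes=10)   # assumption: tune per environment
THRESHOLD = 3                    # distinct utilities before alerting

# Constructed sample telemetry (Sysmon-style fields, invented hosts and users).
SAMPLE_EVENTS = [
    {"ts": "2023-09-22T10:00:05", "host": "WS01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"ts": "2023-09-22T10:00:40", "host": "WS01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\ARP.EXE", "cmdline": "arp -a"},
    {"ts": "2023-09-22T10:01:10", "host": "WS01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\ROUTE.EXE", "cmdline": "route print"},
    {"ts": "2023-09-22T10:02:00", "host": "WS01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\nbtstat.exe", "cmdline": "nbtstat -n"},
    # Lone ipconfig hours later on another host: tagged, but no chain.
    {"ts": "2023-09-22T14:30:00", "host": "WS02", "user": "CORP\\bob",
     "image": "C:\\Windows\\System32\\ipconfig.exe", "cmdline": "ipconfig"},
    # Linux host: two utilities back to back, still below the threshold.
    {"ts": "2023-09-22T11:15:00", "host": "srv-lnx1", "user": "www-data",
     "image": "/sbin/ifconfig", "cmdline": "ifconfig -a"},
    {"ts": "2023-09-22T11:15:02", "host": "srv-lnx1", "user": "www-data",
     "image": "/sbin/route", "cmdline": "route -n"},
    # PowerShell cmdlets count as utilities too; combined with arp they chain.
    {"ts": "2023-09-22T12:00:00", "host": "WS03", "user": "CORP\\carol",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell -nop -c Get-NetIPConfiguration; Get-NetRoute"},
    {"ts": "2023-09-22T12:00:30", "host": "WS03", "user": "CORP\\carol",
     "image": "C:\\Windows\\System32\\ARP.EXE", "cmdline": "arp -a"},
]


def image_basename(image):
    """Lower-case executable name without directory or .exe, for either path style."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def discovery_indicators(event):
    """Return the set of discovery utilities/cmdlets a single event evidences."""
    found = set()
    base = image_basename(event["image"])
    if base in DISCOVERY_BINARIES:
        found.add(base)
    if base in {"powershell", "pwsh"}:
        # Cmdlets are Verb-Noun tokens; match them case-insensitively.
        for token in re.findall(r"[A-Za-z]+-[A-Za-z]+", event["cmdline"]):
            if token.lower() in DISCOVERY_CMDLETS:
                found.add(token.lower())
    return found


def detect_chains(events, window=WINDOW, threshold=THRESHOLD):
    """Group discovery events per (host, user) and alert when at least
    `threshold` distinct utilities appear inside `window`. Returns alert dicts."""
    by_actor = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        inds = discovery_indicators(ev)
        if inds:
            by_actor[(ev["host"], ev["user"])].append(
                (datetime.fromisoformat(ev["ts"]), ev, inds))
    alerts = []
    for (host, user), items in by_actor.items():
        # Sliding window anchored at each of this actor's discovery events.
        for i, (start, _, _) in enumerate(items):
            seen, cmds = set(), []
            for ts, ev, inds in items[i:]:
                if ts - start > window:
                    break
                seen |= inds
                cmds.append(ev["cmdline"])
            if len(seen) >= threshold:
                alerts.append({"host": host, "user": user,
                               "first_seen": start.isoformat(),
                               "utilities": sorted(seen), "commands": cmds})
                break  # one alert per actor per chain is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_chains(SAMPLE_EVENTS):
        print(alert)
```

Run as-is, the script raises alerts for WS01 (four native utilities within two minutes) and WS03 (two cmdlets plus arp), and stays silent for the lone ipconfig on WS02 and the two-command Linux sequence, which is the "chain of behavior, not isolated events" point from the description. In a real pipeline the per-actor grouping would be keyed on session or parent-process lineage as well, and the threshold would be tuned against the baseline of administrative activity in the environment.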
Details

| Published | Attributes | CTI | Title |
|---|---|---|---|
| 2023-09-22 | 56 | Website | Examining the Activities of the Turla APT Group |
| 2023-09-22 | 57 | Website | Examining the Activities of the Turla APT Group |
| 2023-09-18 | 85 | Website | Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis |
| 2023-09-18 | 90 | Website | DBatLoader: Actively Distributing Malwares Targeting European Businesses |
| 2023-09-17 | 36 | Website | RedLine Stealer : A new variant surfaces, Deploying using Batch Script - CYFIRMA |
| 2023-09-15 | 816 | Website | UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks |
| 2023-09-14 | 35 | Website | Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets \| Deep Instinct |
| 2023-08-28 | 135 | Website | HTML Smuggling Leads to Domain Wide Ransomware - The DFIR Report |
| 2023-08-25 | 195 | Website | Russia/Ukraine Update - August 2023 |
| 2023-08-10 | 92 | Website | Common TTPs of attacks against industrial organizations. Implants for uploading data \| Kaspersky ICS CERT |
| 2023-08-06 | 29 | Website | CVE-2023–3519 WebShell Implant |
| 2023-07-27 | 117 | Website | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector |
| 2023-07-25 | 6 | Website | APT Profile: Kimsuky - SOCRadar® Cyber Intelligence Inc. |
| 2023-07-25 | 47 | Website | Decoding RomCom: Behaviors and Opportunities for Detection |
| 2023-07-20 | 33 | Website | Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells \| CISA |
| 2023-07-06 | 239 | Website | Increased Truebot Activity Infects U.S. and Canada Based Networks \| CISA |
| 2023-06-15 | 53 | Website | Android GravityRAT goes after WhatsApp backups |
| 2023-06-06 | 18 | Website | UAC-0099 Activity Detection: Hackers Conduct Cyber-Espionage Operations Against Ukrainian State Bodies and Media Organizations - SOC Prime |
| 2023-06-02 | 91 | Website | Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure |
| 2023-06-01 | 34 | Website | SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations |
| 2023-05-25 | 17 | Website | Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealthy Activity by Volt Typhoon Targeting U.S. Critical Infrastructure - SOC Prime |
| 2023-05-24 | 112 | Website | People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection \| CISA |
| 2023-05-23 | 29 | Website | Anomali Cyber Watch: CloudWizard Targets Both Sides in Ukraine, Camaro Dragon Trojanized TP-Link Firmware, RA Group Ransomware Copied Babuk |
| 2023-05-22 | 141 | Website | IcedID Macro Ends in Nokoyawa Ransomware - The DFIR Report |
| 2023-05-16 | 13 | Website | ✨Yet Another✨ mirai botnet ✨ |