Common Information

| Type | Value |
|---|---|
| Value | System Network Configuration Discovery - T1016 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
Description

Adversaries will likely look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp, ipconfig/ifconfig, nbtstat, and route.

Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.

Platforms: Linux, macOS, Windows

Data Sources: Process command-line parameters, Process monitoring

Permissions Required: User
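The detection guidance above (monitor process command lines for the listed utilities, and judge them as a chain of behavior rather than in isolation) can be turned into a small, testable rule. The following is an added example, not code from the MISP cluster or from MITRE ATT&CK: the `ts=... host=... user=... cmd="..."` log format is hypothetical, the sample events are constructed, and the PowerShell cmdlet and `wmic nicconfig` patterns are our own choice of how to cover the WMI/PowerShell channel the description mentions. A single `ipconfig` by itself is recorded but not alerted on; several distinct discovery commands by the same host/user inside a short window are.

```python
"""T1016 detection over process-creation events (added example, hypothetical log format)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: WS01 shows a burst of discovery commands, WS02 shows
# a lone ipconfig (typical helpdesk noise) followed by an unrelated process.
SAMPLE_EVENTS = [
    'ts=2023-05-01T10:00:01Z host=WS01 user=alice parent=explorer.exe cmd="C:\\Windows\\System32\\ipconfig.exe /all"',
    'ts=2023-05-01T10:00:05Z host=WS01 user=alice parent=cmd.exe cmd="arp -a"',
    'ts=2023-05-01T10:00:09Z host=WS01 user=alice parent=cmd.exe cmd="route print"',
    'ts=2023-05-01T10:00:14Z host=WS01 user=alice parent=cmd.exe cmd="nbtstat -n"',
    'ts=2023-05-01T10:00:20Z host=WS01 user=alice parent=cmd.exe cmd="powershell.exe -Command Get-NetIPConfiguration"',
    'ts=2023-05-01T11:30:00Z host=WS02 user=bob parent=explorer.exe cmd="ipconfig"',
    'ts=2023-05-01T12:00:00Z host=WS02 user=bob parent=explorer.exe cmd="notepad.exe C:\\notes.txt"',
]

LINE_RE = re.compile(r'ts=(\S+) host=(\S+) user=(\S+) parent=(\S+) cmd="(.*)"$')

# Utilities named in the technique description, plus the PowerShell/WMI channel
# it mentions (cmdlet names are real; the selection is an assumption of this example).
DISCOVERY_BINARIES = {"arp", "ipconfig", "ifconfig", "nbtstat", "route"}
SCRIPT_HOSTS = {"powershell", "pwsh"}
PS_NET_CMDLETS = re.compile(
    r"Get-NetIPConfiguration|Get-NetIPAddress|Get-NetRoute|Get-NetNeighbor|"
    r"Win32_NetworkAdapterConfiguration", re.I)


def image_basename(cmd):
    """First token of the command line with path, quotes and .exe stripped, lower-cased."""
    token = cmd.strip().split()[0].strip('"')
    name = token.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def classify(cmd):
    """Return a discovery indicator label for a command line, or None if not of interest."""
    name = image_basename(cmd)
    if name in DISCOVERY_BINARIES:
        return name
    if name in SCRIPT_HOSTS and PS_NET_CMDLETS.search(cmd):
        return "powershell-netcmdlet"
    if name == "wmic" and re.search(r"\bnicconfig\b", cmd, re.I):
        return "wmic-nicconfig"
    return None


def parse_event(line):
    """Parse one hypothetical key=value log line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, user, parent, cmd = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "user": user, "parent": parent, "cmd": cmd}


def detect_discovery_chains(lines, window=timedelta(minutes=5), min_distinct=3):
    """Alert when one host/user runs at least `min_distinct` different discovery
    commands within `window`. Isolated invocations are kept as evidence but do
    not alert, matching the 'chain of behavior' guidance in the description."""
    per_actor = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        indicator = classify(ev["cmd"])
        if indicator:
            per_actor[(ev["host"], ev["user"])].append((ev["ts"], indicator, ev["cmd"]))

    alerts = []
    for (host, user), hits in per_actor.items():
        hits.sort()
        for i, (t0, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - t0 <= window]
            distinct = {h[1] for h in in_window}
            if len(distinct) >= min_distinct:
                alerts.append({"host": host, "user": user, "start": t0.isoformat(),
                               "indicators": sorted(distinct),
                               "commands": [h[2] for h in in_window]})
                break  # one alert per actor per burst is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_discovery_chains(SAMPLE_EVENTS):
        print(alert)
```

The window and threshold are tuning knobs: lowering `min_distinct` to 1 turns this into the noisy "any ipconfig" rule the description warns against, while the windowed, per-actor grouping is what lets a hunt pivot from the discovery burst to whatever Lateral Movement follows it on the same host.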
| Details | Type | Published | Attributes | CTI Title |
|---|---|---|---|---|
| Details | Website | 2023-05-01 | 47 | SeroXen RAT for sale |
| Details | Website | 2023-04-28 | 32 | Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo |
| Details | Website | 2023-04-19 | 19 | New Variants of Qakbot Banking Trojan |
| Details | Website | 2023-04-10 | 86 | Threat Actor Spotlight: RagnarLocker Ransomware |
| Details | Website | 2023-04-04 | 7 | Making Waves: TTP Intelligence Highlights in March |
| Details | Website | 2023-04-03 | 26 | ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access \| Mandiant |
| Details | Website | 2023-04-01 | 55 | The Rise of FusionCore An Emerging Cybercrime Group from Europe - CYFIRMA |
| Details | Website | 2023-03-27 | 90 | DBatLoader Actively Distributing Malwares Targeting Europea |
| Details | Website | 2023-03-22 | 9 | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc. |
| Details | Website | 2023-03-21 | 52 | Notorious SideCopy APT group sets sights on India's DRDO |
| Details | Website | 2023-03-20 | 43 | IcedID & Qakbot's VNC Backdoors: Dark Cat, Anubis & Keyhole |
| Details | Website | 2023-03-16 | 13 | SafeBreach Coverage for US-CERT Alert (AA23-074A) – Telerik Vulnerability in IIS Server |
| Details | Website | 2023-03-16 | 78 | Bee-Ware of Trigona, An Emerging Ransomware Strain |
| Details | Website | 2023-03-16 | 75 | Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation \| Mandiant |
| Details | Website | 2023-03-14 | 36 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam |
| Details | Website | 2023-03-09 | 38 | DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection \| Deep Instinct |
| Details | Website | 2023-03-06 | 9 | Dark Web Profile: NoName057(16) - SOCRadar |
| Details | Website | 2023-03-02 | 199 | Russia/Ukraine Update - February 2023 |
| Details | Website | 2023-03-01 | 103 | BlackLotus UEFI bootkit: Myth confirmed \| WeLiveSecurity |
| Details | Website | 2023-02-28 | 44 | CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks \| CISA |
| Details | Website | 2023-02-28 | 56 | Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days |
| Details | Website | 2023-02-23 | 27 | WinorDLL64: A backdoor from the vast Lazarus arsenal? \| WeLiveSecurity |
| Details | Website | 2023-02-20 | 215 | Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity - Part 1 |
| Details | Website | 2023-02-14 | 37 | CUBA Ransomware Malware Analysis — Elastic Security Labs |
| Details | Website | 2023-01-31 | 41 | Rapid7 observes use of Microsoft OneNote to spread Redline Infostealer \| Rapid7 Blog |