Common Information
Type | Value |
---|---|
Value | System Network Connections Discovery - T1421 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to get a listing of network connections to or from the compromised device they are currently accessing or from remote systems by querying for information over the network. This is typically accomplished by utilizing device APIs to collect information about nearby networks, such as Wi-Fi, Bluetooth, and cellular tower connections. On Android, this can be done by querying the respective APIs: * `WifiInfo` for information about the current Wi-Fi connection, as well as nearby Wi-Fi networks. Querying the `WifiInfo` API requires the application to hold the `ACCESS_FINE_LOCATION` permission. * `BluetoothAdapter` for information about Bluetooth devices, which also requires the application to hold several permissions granted by the user at runtime. * For Android versions prior to Q, applications can use the `TelephonyManager.getNeighboringCellInfo()` method. For Q and later, applications can use the `TelephonyManager.getAllCellInfo()` method. Both methods require the application to hold the `ACCESS_FINE_LOCATION` permission. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-04 | 27 | Jumpy Pisces Threat Intel | ||
Details | Website | 2024-11-04 | 35 | G700 : The Next Generation of Craxs RAT - CYFIRMA | ||
Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting | ||
Details | Website | 2024-09-27 | 123 | Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs | ||
Details | Website | 2024-09-09 | 41 | Earth Preta Evolves its Attacks with New Malware and Strategies | ||
Details | Website | 2024-07-25 | 59 | How APT groups operate in Southeast Asia | ||
Details | Website | 2024-05-16 | 23 | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 | ||
Details | Website | 2024-04-11 | 24 | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | ||
Details | Website | 2024-02-20 | 137 | Earth Preta Campaign Uses DOPLUGS to Target Asia | ||
Details | Website | 2024-01-04 | 63 | Self-Assessment Using ATT&CK (APT3, Second Scenario) | ||
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 | ||
Details | Website | 2023-10-23 | 273 | Red Team Tools | ||
Details | Website | 2023-10-11 | 99 | Qakbot evolves to OneNote Malware Distribution | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2023-08-18 | 77 | WARNING: NEW ATTACK CAMPAIGN UTILIZED A NEW 0-DAY RCE VULNERABILITY ON MICROSOFT EXCHANGE SERVER | ||
Details | Website | 2023-07-27 | 117 | Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector | ||
Details | Website | 2023-06-05 | 30 | Ransomware Spotlight: TargetCompany - Security News | ||
Details | Website | 2023-05-30 | 112 | Russia/Ukraine Update - May 2023 | ||
Details | Website | 2023-05-10 | 66 | CACTUS ransomware | Cyber Threat Intelligence | Kroll | ||
Details | Website | 2023-03-22 | 12 | Ferrari Data Breach Disclosed: Attackers Gain Access to the Company’s Network While Demanding Ransom to Prevent Data Leakage - SOC Prime | ||
Details | Website | 2023-03-22 | 9 | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2023-03-06 | 9 | Dark Web Profile: NoName057(16) - SOCRadar | ||
Details | Website | 2023-03-02 | 199 | Russia/Ukraine Update - February 2023 |