Common Information
Value: System Network Connections Discovery - T1049
Category: Attack-Pattern
Type: Mitre-Enterprise-Attack-Attack-Pattern
Misp Type: Cluster
Description: Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network.

Windows: Utilities and commands that acquire this information include netstat, "net use", and "net session" with Net.

Mac and Linux: In Mac and Linux, netstat and lsof can be used to list current connections. who -a and w can be used to show which users are currently logged in, similar to "net session".

Detection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Lateral Movement, based on the information obtained. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.

Platforms: Linux, macOS, Windows
Data Sources: Process command-line parameters, Process monitoring
Permissions Required: User, Administrator
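As an added detection example (not part of this MISP cluster or of MITRE's technique text), the Python below matches the commands named above in process command-line telemetry and, following the advice to read events as a chain rather than in isolation, reports only hosts where several distinct discovery commands run within a short window. The regexes, event field names and sample events are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Commands named in the T1049 description (netstat, net use, net session; netstat,
# lsof, who -a, w). Regexes are example assumptions, kept narrow ("w" only bare or path-qualified).
DISCOVERY_PATTERNS = [
    ("netstat", re.compile(r"\bnetstat(\.exe)?\b", re.I)),
    ("net use", re.compile(r"\bnet(\.exe)?\s+use\b", re.I)),
    ("net session", re.compile(r"\bnet(\.exe)?\s+session\b", re.I)),
    ("lsof", re.compile(r"\blsof\b")),
    ("who -a", re.compile(r"\bwho\s+-a\b")),
    ("w", re.compile(r"(^|/)w(\s|$)")),
]

def classify_command(cmdline):
    """Return the T1049 indicator a process command line matches, or None."""
    for name, pattern in DISCOVERY_PATTERNS:
        if pattern.search(cmdline.strip()):
            return name
    return None

def discovery_chains(events, window=timedelta(minutes=10), min_hits=2):
    """Per host, return the distinct discovery commands seen within `window`
    when at least `min_hits` occur; a lone netstat is noise, a run is not."""
    by_host = defaultdict(list)
    for ev in events:
        hit = classify_command(ev["cmdline"])
        if hit:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), hit))
    chains = {}
    for host, hits in sorted(by_host.items()):
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            names = {name for t, name in hits[i:] if t - t0 <= window}
            if len(names) >= min_hits:
                chains[host] = sorted(names)
                break
    return chains

# Constructed process-creation events (not real telemetry) for a dry run.
SAMPLE_EVENTS = [
    {"ts": "2024-11-04T09:00:02", "host": "ws01", "cmdline": r"C:\Windows\System32\netstat.exe -ano"},
    {"ts": "2024-11-04T09:00:41", "host": "ws01", "cmdline": "net use"},
    {"ts": "2024-11-04T09:01:10", "host": "ws01", "cmdline": "net session"},
    {"ts": "2024-11-04T10:15:00", "host": "srv07", "cmdline": "/usr/bin/lsof -i -nP"},
    {"ts": "2024-11-04T10:15:05", "host": "srv07", "cmdline": "who -a"},
    {"ts": "2024-11-04T10:15:09", "host": "srv07", "cmdline": "w"},
    {"ts": "2024-11-04T14:00:00", "host": "ws02", "cmdline": "netstat -an"},  # lone hit, not reported
]
```

Calling discovery_chains(SAMPLE_EVENTS) reports ws01 and srv07 but not ws02, whose single netstat falls below the chain threshold.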
Published   Type     Attributes  CTI Title
2024-11-04  Website  27          Jumpy Pisces Threat Intel
2024-11-04  Website  35          G700 : The Next Generation of Craxs RAT - CYFIRMA
2024-11-01  Website  39          Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
2024-10-11  Website  71          Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
2024-09-27  Website  123         Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse — Elastic Security Labs
2024-09-09  Website  41          Earth Preta Evolves its Attacks with New Malware and Strategies
2024-07-25  Website  59          How APT groups operate in Southeast Asia
2024-05-16  Website  23          Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
2024-04-11  Website  24          Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
2024-02-20  Website  137         Earth Preta Campaign Uses DOPLUGS to Target Asia
2024-01-04  Website  63          Self-assessment using ATT&CK (APT3, Second Scenario)
2023-12-06  Website  198         Russia/Ukraine Update - December 2023
2023-10-23  Website  273         Red Team Tools
2023-10-11  Website  99          Qakbot evolves to OneNote Malware Distribution
2023-08-25  Website  195         Russia/Ukraine Update - August 2023
2023-08-18  Website  77          WARNING: NEW ATTACK CAMPAIGN UTILIZED A NEW 0-DAY RCE VULNERABILITY ON MICROSOFT EXCHANGE SERVER
2023-07-27  Website  117         Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
2023-06-05  Website  30          Ransomware Spotlight: TargetCompany - Security News
2023-05-30  Website  112         Russia/Ukraine Update - May 2023
2023-05-10  Website  66          CACTUS ransomware | Cyber Threat Intelligence | Kroll
2023-04-19  Website  22          Atomic Red Team Walkthrough — TryHackMe
2023-03-22  Website  12          Ferrari Data Breach Disclosed: Attackers Gain Access to the Company’s Network While Demanding Ransom to Prevent Data Leakage - SOC Prime
2023-03-22  Website  9           APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.
2023-03-06  Website  9           Dark Web Profile: NoName057(16) - SOCRadar