attack.t1016

Suspicious Network Connection to IP Lookup Service APIs
May 15, 2023 · attack.discovery attack.t1016 ·
Share on:
Detects external IP address lookups by non-browser processes via services such as "api.ipify.org". This could be indicative of potential post compromise internet test activity.

Read More
System Network Discovery - Linux
Apr 5, 2023 · attack.discovery attack.t1016 ·
Share on:
Detects enumeration of local network configuration

Read More
Suspicious Firewall Configuration Discovery Via Netsh.EXE
Feb 14, 2023 · attack.discovery attack.t1016 ·
Share on:
Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems

Read More
Potential Recon Activity Via Nltest.EXE
Feb 4, 2023 · attack.discovery attack.t1016 attack.t1482 ·
Share on:
Detects nltest commands that can be used for information discovery

Read More
Nltest.EXE Execution
Feb 3, 2023 · attack.discovery attack.t1016 attack.t1018 attack.t1482 ·
Share on:
Detects nltest commands that can be used for information discovery

Read More
Nslookup Local
Jan 9, 2023 · attack.discovery attack.t1016 ·
Share on:
Detects use of nslookup to look up the local nameserver as part of host discovery

Read More
Cisco Discovery
Jan 4, 2023 · attack.discovery attack.t1083 attack.t1201 attack.t1057 attack.t1018 attack.t1082 attack.t1016 attack.t1049 attack.t1033 attack.t1124 ·
Share on:
Find information about network devices that is not stored in config files

Read More
System Network Discovery - macOS
Dec 29, 2022 · attack.discovery attack.t1016 ·
Share on:
Detects enumeration of local network configuration

Read More
Suspicious Network Command
Oct 28, 2022 · attack.discovery attack.t1016 ·
Share on:
Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems

Read More