attack.t1482

Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems

Renamed AdFind Execution

Oct 18, 2023 · attack.discovery attack.t1018 attack.t1087.002 attack.t1482 attack.t1069.002 ·

Share on:

Detects the use of a renamed Adfind.exe. AdFind continues to be seen across majority of breaches. It is used to domain trust discovery to plan out subsequent steps in the attack chain.

DNS Server Discovery Via LDAP Query

Oct 4, 2023 · attack.discovery attack.t1482 ·

Share on:

Detects DNS server discovery via LDAP query requests from uncommon applications

Malicious PowerShell Commandlets - PoshModule

May 15, 2023 · attack.execution attack.discovery attack.t1482 attack.t1087 attack.t1087.001 attack.t1087.002 attack.t1069.001 attack.t1069.002 attack.t1069 attack.t1059.001 ·

Share on:

Detects Commandlet names from well-known PowerShell exploitation frameworks

SocGholish NLTest Domain Trust Enumeration (RedCanary Threat Detection Report)

May 10, 2023 · attack.discovery attack.t1482 ·

Share on:

Detects domain trust enumeration with nltest.exe, a procedure associated with SocGholish. Part of the RedCanary 2023 Threat Detection Report.

Malicious PowerShell Commandlets - ProcessCreation

Apr 21, 2023 · attack.execution attack.discovery attack.t1482 attack.t1087 attack.t1087.001 attack.t1087.002 attack.t1069.001 attack.t1069.002 attack.t1069 attack.t1059.001 ·

Share on:

Detects Commandlet names from well-known PowerShell exploitation frameworks

Malicious PowerShell Commandlets - ScriptBlock

Apr 21, 2023 · attack.execution attack.discovery attack.t1482 attack.t1087 attack.t1087.001 attack.t1087.002 attack.t1069.001 attack.t1069.002 attack.t1069 attack.t1059.001 ·

Share on:

Detects Commandlet names from well-known PowerShell exploitation frameworks

HackTool - TruffleSnout Execution

Feb 16, 2023 · attack.discovery attack.t1482 ·

Share on:

Detects the use of TruffleSnout.exe an iterative AD discovery toolkit for offensive operators, situational awareness and targeted low noise enumeration.

Domain Trust Discovery Via Dsquery

Feb 3, 2023 · attack.discovery attack.t1482 ·

Share on:

Detects execution of "dsquery.exe" for domain trust discovery

AdFind Discovery

Jan 8, 2023 · attack.remote_system_discovery attack.domain_trust_discovery attack.T1018 attack.T1482 attack.TT1482 attack.T1069.002 attack.T1087.002 attack.s0552 ·

Share on:

AdFind has been seen in numerous intrusions. The threat actor(s) ran these commands.