EXPLORE

← Back to Explore

T1049

System Network Connections Discovery

Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network. An adversary who gains access to a system that is part of a cloud-based environment may map out Virtual Private Clouds or Virtual Networks in order to determine what systems and services are connected. The actions performed are likely the same types of discovery techniques depending on the operating s...

ESXiIaaSLinuxmacOSNetwork DevicesWindows

22

Detections

3

Sources

32

Threat Actors

BY SOURCE

8sigma8splunk_escu6elastic

PROCEDURES (13)

Process Creation Monitoring3 detections

Auto-extracted: 3 detections for process creation monitoring

Remote2 detections

Auto-extracted: 2 detections for remote

Remote2 detections

Auto-extracted: 2 detections for remote

Service2 detections

Auto-extracted: 2 detections for service

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Remote2 detections

Auto-extracted: 2 detections for remote

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Service1 detections

Auto-extracted: 1 detections for service

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

DETECTIONS (22)

Cisco Discovery

DNS Enumeration Detected via Defend for Containers

Enumeration Command Spawned via WMIPrvSE

GetNetTcpconnection with PowerShell

GetNetTcpconnection with PowerShell Script Block

HackTool - SharpView Execution

Net.EXE Execution

Network Connection Discovery With Arp

Network Connection Discovery With Netstat

Suspicious JetBrains TeamCity Child Process

Suspicious MS Office Child Process

Suspicious System Commands Executed by Previously Unknown Executable

System Network Connections Discovery - Linux

System Network Connections Discovery - MacOs

sigmainformational

System Network Connections Discovery Via Net.EXE

Unusual Linux Network Connection Discovery

Use Get-NetTCPConnection

Use Get-NetTCPConnection - PowerShell Module

Windows Common Abused Cmd Shell Risk Behavior

Windows Network Connection Discovery Via Net

Windows Post Exploitation Risk Behavior

Windows System Network Connections Discovery Netsh