EXPLORE
Sign In
← Back to Explore
T1590

Gather Victim Network Information

Adversaries may gather information about the victim's networks that can be used during targeting. Information about networks may include a variety of details, including administrative data (ex: IP ranges, domain names, etc.) as well as specifics regarding its topology and operations. Adversaries may gather this information in various ways, such as direct collection actions via [Active Scanning](https://attack.mitre.org/techniques/T1595) or [Phishing for Information](https://attack.mitre.org/tec...

PRE
5
Detections
3
Sources
3
Threat Actors

BY SOURCE

2sigma2splunk_escu1elastic

PROCEDURES (4)

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Service1 detections

Auto-extracted: 1 detections for service

Service1 detections

Auto-extracted: 1 detections for service

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

THREAT ACTORS (3)

HAFNIUMIndrik SpiderVolt Typhoon

DETECTIONS (5)

Local LLM Framework DNS Query
splunk_escu
PUA - Advanced IP/Port Scanner Update Check
sigmamedium
Spike in Firewall Denies
elasticlow
Suspicious DNS Query for IP Lookup Service APIs
sigmamedium
Windows WinPEAS PowerShell Script Execution
splunk_escu