EXPLORE
Sign In
← Back to Explore
T1590

Gather Victim Network Information

Adversaries may gather information about the victim's networks that can be used during targeting. Information about networks may include a variety of details, including administrative data (ex: IP ranges, domain names, etc.) as well as specifics regarding its topology and operations. Adversaries may gather this information in various ways, such as direct collection actions via [Active Scanning](https://attack.mitre.org/techniques/T1595) or [Phishing for Information](https://attack.mitre.org/tec...

PRE
4
Detections
3
Sources
3
Threat Actors

BY SOURCE

2sigma1elastic1splunk_escu

PROCEDURES (3)

Exfiltrat2 detections

Auto-extracted: 2 detections for exfiltrat

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Dns1 detections

Auto-extracted: 1 detections for dns

THREAT ACTORS (3)

HAFNIUMIndrik SpiderVolt Typhoon

DETECTIONS (4)

Local LLM Framework DNS Query
splunk_escu
PUA - Advanced IP/Port Scanner Update Check
sigmamedium
Spike in Firewall Denies
elasticlow
Suspicious DNS Query for IP Lookup Service APIs
sigmamedium