EXPLORE

← Back to Explore

T1595.002

Vulnerability Scanning

Adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use. These scans may also include more broad attempts to [Gather Victim Host Information](https://attack.mitre.org/techniques/T1592) that can be used to identify more commonly known, exploitable vulnerabilities. Vulnera...

PRE

12

Detections

3

Sources

13

Threat Actors

BY SOURCE

6elastic5splunk_escu1sigma

PROCEDURES (8)

Lateral3 detections

Auto-extracted: 3 detections for lateral

Unusual2 detections

Auto-extracted: 2 detections for unusual

Network Connection Monitoring2 detections

Auto-extracted: 2 detections for network connection monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Lateral1 detections

Auto-extracted: 1 detections for lateral

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

THREAT ACTORS (13)

APT28 APT29 APT41 Aquatic Panda Dragonfly Earth Lusca Ember Bear Leviathan Magic Hound Sandworm Team TeamTNT Volatile Cedar Winter Vivern

DETECTIONS (12)

Cisco Secure Firewall - Blocked Connection

Cisco Secure Firewall - High Volume of Intrusion Events Per Host

Cisco Secure Firewall - Repeated Blocked Connections

DNS Query to External Service Interaction Domains

Internal Vulnerability Scan

Potential Linux Hack Tool Launched

Potential Spike in Web Server Error Logs

Web Server Discovery or Fuzzing Activity

Web Server Potential Command Injection Request

Web Server Potential Spike in Error Response Codes

Web Server Suspicious User Agent Requests

Windows Detect Network Scanner Behavior