![]() Koadic can scan for open TCP ports on the target network. InvisiMole can scan the network for open ports and vulnerable instances of RDP and SMB protocols. Industroyer uses a custom port scanner to map out a network. Hildegard has used masscan to look for kubelets in the internal Kubernetes network. HermeticWizard has the ability to scan ports on a compromised network. HDoor scans to identify open ports on the victim. įox Kitten has used tools including NMAP to conduct broad scanning to identify open ports. įIN6 used publicly available tools (including Microsoft's built-in SQL querying tool, osql.exe) to map the internal network and conduct reconnaissance against Active Directory, Structured Query Language (SQL) servers, and NetBIOS. Įmpire can perform port scans from an infected host. ĭarkVishnya performed port scanning to obtain the list of active services. ĭuring CostaRicto, the threat actors employed nmap and pscan to scan target environments. Ĭonficker scans for other machines to infect. Ĭobalt Strike can perform port scans from an infected host. Ĭobalt Group leveraged an open-source tool called SoftPerfect Network Scanner to perform network scanning. Ĭhina Chopper's server component can spider authentication portals. Ĭhimera has used the get -b -e -p command for network scanning as well as a custom Python tool packed into a Windows executable named Get.exe to scan IP ranges for HTTP. Ĭaterpillar WebShell has a module to use a port scanner on a system. ![]() ![]() ĭuring C0018, the threat actors used the SoftPerfect Network Scanner for network scanning. īrute Ratel C4 can conduct port scanning against targeted systems. īlackTech has used the SNScan tool to find other potential targets on victim networks. īlackEnergy has conducted port scans on a host. īackdoorDiplomacy has used SMBTouch, a vulnerability scanner, to determine whether a target is vulnerable to EternalBlue malware. īackdoor.Oldrea can use a network scanning module to identify ICS-related ports. ĪPT41 used a malware variant called WIDETONE to conduct port scans on specified subnets. ĪPT39 has used CrackMapExec and a custom port scanner known as BLUETORCH for network scanning. ![]() APT32 performed network scanning on the network to search for open ports, services, OS finger-printing, and other vulnerabilities.
0 Comments
Leave a Reply. |