Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1018 | Remote System Discovery |
Ping can be used to identify remote systems within a network.[1] |
ID | Name | Description |
---|---|---|
C0017 | C0017 |
During C0017, APT41 issued Ping commands to trigger DNS resolutions for data exfiltration, where the output of a reconnaissance command was prepended to subdomains within APT41's Cloudflare C2 infrastructure.[15] |
C0018 | C0018 |
During C0018, the threat actors used a PowerShell script to execute Ping commands once every minute against a domain controller.[21] |