Ping is an operating system utility commonly used to troubleshoot and verify network connections. [1]

ID: S0097
Type: TOOL
Version: 1.4
Created: 31 May 2017
Last Modified: 06 September 2023

Techniques Used

Domain ID Name Use
Enterprise T1018 Remote System Discovery

Ping can be used to identify remote systems within a network.[1]

Groups That Use This Software


ID Name Description
C0017 C0017

During C0017, APT41 issued Ping commands to trigger DNS resolutions for data exfiltration, where the output of a reconnaissance command was prepended to subdomains within APT41's Cloudflare C2 infrastructure.[15]

C0018 C0018

During C0018, the threat actors used a PowerShell script to execute Ping commands once every minute against a domain controller.[20]