1. Home
  2. Software
  3. Arp

Arp

Arp displays and modifies information about a system's Address Resolution Protocol (ARP) cache. [1]

ID: S0099
Associated Software: arp.exe
Type: TOOL
Platforms: Linux, Windows, macOS
Version: 1.2
Created: 31 May 2017
Last Modified: 25 July 2023
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1018 Remote System Discovery

Arp can be used to display a host's ARP cache, which may include address resolutions for remote systems.[1][2]
Enterprise T1016 System Network Configuration Discovery

Arp can be used to display ARP configuration information on the host.[1]

Groups That Use This Software

ID Name References
G0010 Turla

[3]
G0050 APT32

[4]
G0071 Orangeworm

[5]

Campaigns

ID Name Description
C0026 C0026

[6]

References

  1. Microsoft. (n.d.). Arp. Retrieved April 17, 2016.
  2. Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.
  3. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
  1. Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018.
  2. Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.
  3. Hawley, S. et al. (2023, February 2). Turla: A Galaxy of Opportunity. Retrieved May 15, 2023.