netstat

netstat is an operating system utility that displays active TCP connections, listening ports, and network statistics. [1]

ID: S0104
Type: TOOL
Version: 1.3
Created: 31 May 2017
Last Modified: 23 January 2024

Techniques Used

Domain ID Name Use
Enterprise T1049 System Network Connections Discovery

netstat can be used to enumerate local network connections, including active TCP connections and other network statistics.[1]

Groups That Use This Software

Campaigns

ID Name Description
C0026 C0026

[16]

C0007 FunnyDream

[17]

C0014 Operation Wocao

During Operation Wocao, threat actors used netstat to identify specific ports.[18]

References