Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1049 | System Network Connections Discovery |
netstat can be used to enumerate local network connections, including active TCP connections and other network statistics.[1] |
ID | Name | References |
---|---|---|
G1001 | HEXANE | |
G0004 | Ke3chang | |
G0010 | Turla | |
G0071 | Orangeworm | |
G0096 | APT41 | |
G0049 | OilRig | |
G0027 | Threat Group-3390 | |
G1022 | ToddyCat | |
G0018 | admin@338 | |
G1017 | Volt Typhoon | |
G1023 | APT5 |
ID | Name | Description |
---|---|---|
C0026 | C0026 | |
C0007 | FunnyDream | |
C0014 | Operation Wocao |
During Operation Wocao, threat actors used netstat to identify specific ports.[18] |