MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Discovery/ T1016

T1016System Network Configuration Discovery

T1016 — System Network Configuration Discovery is a MITRE ATT&CK technique in the Discovery tactic. Clankerusecase tracks 13 detection use cases covering it and 2 threat-intel articles citing it.

Discovery

View on the matrix → Filter Detection Library MITRE official spec ↗

13Use cases

2Articles

2Sub-techniques

1Tactic

Sub-techniques (2)

T1016.001 · Internet Connection Discovery T1016.002 · Wi-Fi Discovery

Use cases covering this technique (13)

Cisco IOS XE Reconnaissance Command Activity ESCU actions · hunting P Cisco NVM - Suspicious Network Connection to IP Lookup Service API ESCU actions · hunting P Linux Auditd System Network Configuration Discovery ESCU actions · hunting P Linux System Network Discovery ESCU actions · hunting P MacOS List Firewall Rules ESCU actions · hunting P Potential System Network Configuration Discovery Activity ESCU actions · hunting P Windows Common Abused Cmd Shell Risk Behavior ESCU actions · alerting P Windows Post Exploitation Risk Behavior ESCU actions · alerting P Windows PowerShell Invoke-RestMethod IP Information Collection ESCU actions · hunting P Windows System Network Config Discovery Display DNS ESCU actions · hunting P Windows WinPEAS PowerShell Script Execution ESCU actions · alerting P Detect processes used for System Network Configuration Discovery ESCU actions · alerting P [LLM] Python process spawning shell with TeamPCP recon chain (hostname; whoami; uname; ip addr fallback) Bespoke actions · alerting DSΣPDDCS

Articles citing this technique (2)

crit litellm: Credential Stealer Hidden in PyPI Wheel art-423

crit PlushDaemon compromises network devices for adversary-in-the-middle attacks art-695