attack.t1046

Advanced Port Scanner
level
status experimental

Detects the use of Advanced Port Scanner.

Suspicious Nmap Execution
level
status experimental

Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation

Python Initiated Connection
level
status experimental

Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation

Advanced IP Scanner
level
status experimental

Detects the use of Advanced IP Scanner. Seems to be a popular tool for ransomware groups.

Network Scans Count By Destination Port
level
status experimental

Detects many failed connection attempts to different ports or hosts

Network Scans Count By Destination IP
level
status test

Detects many failed connection attempts to different ports or hosts

MacOS Network Service Scanning
level
status test

Detects enumeration of local or remote network services.

Linux Network Service Scanning
level
status experimental

Detects enumeration of local or remote network services.

Sponsored by

Phish Report logo
With Phish Report you can achieve streamlined phishing takedowns using your existing security team.