ATT&CK 기법 · Discovery

Network Service Discovery T1046

이 기법을 다룬 REVELARE 한국어 위협 분석 2편 · Discovery

이 기법을 다룬 분석

JDY 봇넷: Volt Typhoon 연계 중국 정찰망, 1,500기기로 미 군사 네트워크 지도화

UAT-8302: OneDrive를 C2로 위장한 중국 APT, 3개 권역 정부 침투

MITRE 공식 정의

Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. Common methods to acquire this information include port, vulnerability, and/or wordlist scans using tools that are brought onto a system.(Citation: CISA AR21-126A FIVEHANDS May 2021) Within cloud environments, adversaries may attempt to discover services running on other cloud hosts. …

attack.mitre.org ↗ATT&CK 매트릭스

플랫폼: Containers, IaaS, Linux, macOS, Network Devices, Windows