Remote System Discovery Commands

Commands used to obtain information about the remote system.

id: 9be90e44-c0f7-4fd2-9378-be00c25a02d7
categories: enrich
confidence: low
os: windows
created: 7/26/2019
updated: 7/26/2019

MITRE ATT&CK™ Mapping

tactics: Discovery
techniques: T1018 Remote System Discovery

Query

process where subtype.create and (
  process_name == "nbtstat.exe" and wildcard(command_line, "* -n*", "* -s*") or
  process_name == "arp.exe" and command_line == "* -a*"
)
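
The query's logic applied to constructed process-creation events, as an added Python example that is not part of the original analytic. The event field layout, the `ev` helper and case-insensitive `*` matching are assumptions made for illustration.

```python
import re

# Process name -> command-line wildcards, copied from the query above.
RULES = {
    "nbtstat.exe": ("* -n*", "* -s*"),
    "arp.exe": ("* -a*",),
}

def wildcard(value, *patterns):
    """True if value matches any '*' pattern, ignoring case (assumed EQL semantics)."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL):
            return True
    return False

def matches(event):
    """Apply the query's logic to one event dict."""
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    patterns = RULES.get(event.get("process_name", "").lower())
    return bool(patterns) and wildcard(event.get("command_line", ""), *patterns)

def detect(events):
    """Return the command lines of all events the query would flag."""
    return [e["command_line"] for e in events if matches(e)]

def ev(name, cmd, subtype="create"):
    """Hypothetical helper that builds one process event."""
    return {"event_type": "process", "subtype": subtype,
            "process_name": name, "command_line": cmd}

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ev("nbtstat.exe", "nbtstat.exe -n"),           # flagged: -n
    ev("NBTSTAT.EXE", "nbtstat -S 5"),             # flagged: case-insensitive -s
    ev("nbtstat.exe", "nbtstat.exe -A 10.0.0.5"),  # not flagged: -A is not in the rule
    ev("arp.exe", "arp -a"),                       # flagged: -a
    ev("arp.exe", "arp.exe -d 10.0.0.5"),          # not flagged: -d
    ev("arp.exe", "arp -a", subtype="terminate"),  # not flagged: not a create event
    ev("cmd.exe", 'cmd.exe /c "arp -a"'),          # not flagged: rule keys on process_name
    ev("arp.exe", "arp.exe"),                      # not flagged: no switch
]

if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print("ALERT", line)
```
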

Contributors