Windows Network Enumeration

Identifies attempts to enumerate hosts in a network using the built-in Windows net.exe tool.

id:b8a94d2f-dc75-4630-9d73-1edc6bd26fff categories:detect confidence:low os:windows created:11/30/2018 updated:11/30/2018

MITRE ATT&CK™ Mapping

tactics:Discovery techniques:T1018 Remote System Discovery

Query

process where subtype.create and
    process_name == "net.exe" and command_line == "* view*" and command_line != "*\\\\*"

Detonation

Atomic Red Team: T1018

Contributors

• Endgame