Skip to content

DS0035 Internet Scan

Information obtained (commonly via active network traffic probes or web crawling) regarding various types of resources and servers connected to the public Internet

Item Value
ID DS0035
Platforms PRE
Collection Layers OSINT
Version 1.0
Created 20 October 2021
Last Modified 20 October 2021

Data Components

Response Content

Logged network traffic in response to a scan showing both protocol header and body values

Domain ID Name
enterprise T1583 Acquire Infrastructure
enterprise T1583.003 Virtual Private Server
enterprise T1583.004 Server
enterprise T1583.006 Web Services
enterprise T1583.007 Serverless
enterprise T1583.008 Malvertising
enterprise T1584 Compromise Infrastructure
enterprise T1584.003 Virtual Private Server
enterprise T1584.004 Server
enterprise T1584.006 Web Services
enterprise T1584.007 Serverless
enterprise T1587 Develop Capabilities
enterprise T1587.003 Digital Certificates
enterprise T1592 Gather Victim Host Information
enterprise T1592.001 Hardware
enterprise T1592.002 Software
enterprise T1592.004 Client Configurations
enterprise T1588 Obtain Capabilities
enterprise T1588.004 Digital Certificates
enterprise T1608 Stage Capabilities
enterprise T1608.001 Upload Malware
enterprise T1608.002 Upload Tool
enterprise T1608.003 Install Digital Certificate
enterprise T1608.004 Drive-by Target
enterprise T1608.005 Link Target
enterprise T1608.006 SEO Poisoning

Response Metadata

Contextual data about an Internet-facing resource gathered from a scan, such as running services or ports

Domain ID Name
enterprise T1583 Acquire Infrastructure
enterprise T1583.003 Virtual Private Server
enterprise T1583.004 Server
enterprise T1584 Compromise Infrastructure
enterprise T1584.003 Virtual Private Server
enterprise T1584.004 Server

References

  1. ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. Retrieved October 12, 2021. 

  2. Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved October 12, 2021. 

  3. Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. Retrieved October 12, 2021. 

  4. Blasco, J. (2014, August 28). Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. Retrieved October 19, 2020. 

  5. Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. Retrieved October 16, 2020.