Skip to content

S0590 NBTscan

NBTscan is an open source tool that has been used by state groups to conduct internal reconnaissance within a compromised network.1234

Item Value
ID S0590
Associated Names
Version 1.0
Created 17 March 2021
Last Modified 24 April 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1046 Network Service Discovery NBTscan can be used to scan IP networks.12
enterprise T1040 Network Sniffing NBTscan can dump and print whole packet content.12
enterprise T1018 Remote System Discovery NBTscan can list NetBIOS computer names.12
enterprise T1016 System Network Configuration Discovery NBTscan can be used to collect MAC addresses.12
enterprise T1033 System Owner/User Discovery NBTscan can list active users on the system.12

Groups That Use This Software

ID Name References
G0129 Mustang Panda 5
G0131 Tonto Team 6
G0010 Turla 3
G1006 Earth Lusca 8
G0027 Threat Group-3390 910
G0135 BackdoorDiplomacy 11
G0087 APT39 4