Tip
- There are a number of network scanning and profiling tools available online that are designed to help administrators and IT professionals with tasks such as discovering and mapping network devices, performing detailed scans of IP addresses and open ports, and querying network services like Active Directory.
Important
- Malicious adversaries leverage these network management tools to perform reconnaissance and gather detailed information about a target network.
- They can use these tools to identify active devices, open ports, and vulnerabilities, which could then be exploited to gain entry.
- Additionally, tools that query Active Directory services could allow them to harvest sensitive information about users, groups, and permissions, facilitating targeted attacks or insider threats.
- Essentially, these tools, while valuable for legitimate network management, can be misused to map out and exploit network infrastructures for nefarious purposes.
Tool Name | Threat Group Usage |
---|---|
Acunetix | EMBER BEAR |
Amass | EMBER BEAR |
AADInternals | COZY BEAR |
AdFind | COZY BEAR |
Adminer | EMBER BEAR |
Angry IP Scanner | BERSERK BEAR |
Bloodhound | COZY BEAR, EMBER BEAR |
Droopescan | EMBER BEAR |
DSInternals | COZY BEAR |
JoomScan | EMBER BEAR |
LdapDomainDump | EMBER BEAR |
NBTScan | Turla |
Nmap | EMBER BEAR |
Masscan | EMBER BEAR |
RoadTools | COZY BEAR |
SScan | Turla |
WPScan | EMBER BEAR |