Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system, such as Ping or <code>net view</code> using Net, could also be used. Adversaries may also use local host files (e.g., <code>C:\Windows\System32\Drivers\etc\hosts</code> or <code>/etc/hosts</code>) to discover the hostname-to-IP-address mappings of remote systems.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
cloud_armor | Cloud Armor | technique_scores | T1018 | Remote System Discovery |
chronicle | Chronicle | technique_scores | T1018 | Remote System Discovery |
firewalls | Firewalls | technique_scores | T1018 | Remote System Discovery |
virtual_private_cloud | Virtual Private Cloud | technique_scores | T1018 | Remote System Discovery |