System Location Discovery (T1614)

Associated Tactics

  • Discovery

Discovery (TA0007)

The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

Procedure Examples

Description Source(s)
Abrams, L. (2020, October 23). New RAT malware gets commands via Discord, has ransomware feature. Retrieved April 1, 2021. Bleepingcomputer RAT malware 2020
Amazon. (n.d.). Instance identity documents. Retrieved April 2, 2021. AWS Instance Identity Documents
Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved April 1, 2021. Securelist Trasparent Tribe 2020
FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. Retrieved September 12, 2024. FBI Ragnar Locker 2020
Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021. Microsoft Azure Instance Metadata 2021
Wisniewski, C. (2016, May 3). Location-based threats: How cybercriminals target you based on where you live. Retrieved April 1, 2021. Sophos Geolocation 2016