get socket information

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: get socket information
    namespace: communication/socket
    authors:
      - michael.hunhoff@mandiant.com
    scopes:
      static: function
      dynamic: call
    att&ck:
      - Discovery::System Network Configuration Discovery [T1016]
  features:
    - or:
      - api: ws2_32.getsockname
      - api: ws2_32.#6 = getsockname

last edited: 2024-04-23 12:20:28