Network Information Discovery

Adversaries may use device sensors to collect information about nearby networks, such as Wi-Fi and Bluetooth.

ID: T1507
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Collection
Platforms: Android
Version: 1.0
Created: 10 July 2019
Last Modified: 10 July 2019
Provided by LAYER 8

Procedure Examples

ID Name Description
S0405 Exodus

Exodus Two collects a list of nearby base stations.[1]

S0509 FakeSpy

FakeSpy can collect the device’s network information.[2]

S0408 FlexiSpy

FlexiSpy can collect a list of known Wi-Fi access points.[3]

S0407 Monokle

Monokle can retrieve nearby cell tower and Wi-Fi network information.[4]

S0399 Pallas

Pallas gathers and exfiltrates data about nearby Wi-Fi access points.[5]

S0506 ViperRAT

ViperRAT can collect the device’s cell tower information.[6]


This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.