Carbanak+FIN7 | The technique was not in scope.
APT29 | The technique was not in scope.
APT3

Step | ATT&CK Pattern | Detection Type | Detection Note
9.B.1.1 | | | Minimum detection criteria was not met for this procedure.
18.B.1.2 | | | Minimum detection criteria was not met for this procedure. [1]
[1]
Cobalt Strike: Built-in download capability executed to collect a file (Shockwave_rackb_diagram.vsdx) from a network shared drive (Wormshare) on Conficker (10.0.0.5)
- The vendor stated that, by default, WDATP monitored activities around all the most commonly used document types (doc, xls, ppt, pdf, etc.) at the time of the evaluation. Subsequently, the vendor made changes to enable visibility of .vsdx events by default, which is now available in WDATP.
Empire: 'copy' via PowerShell collected a file (Shockwave_network.vsdx) from a network shared drive (Wormshare) on Conficker (10.0.0.5)
- The vendor states that, by default, WDATP monitored activities around all the most commonly used document types (doc, xls, ppt, pdf, etc.) at the time of the test.