Carbanak+FIN7
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
3.B.7
|
|
|
Minimum detection criteria was not met for this procedure.
|
|
powershell.exe transmits data to 192.168.0.4 over TCP
APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
1.A.3
|
|
|
Telemetry showed the rcs.3aka.doc connected to 192.168.0.5 on port 1234.
[1]
|
|
A General alert detection for "Attack, Backdoor" was generated when rcs.3aka3.doc connected to 192.168.0.5 on port 1234.
[1]
|
|
Established C2 channel (192.168.0.5) via rcs.3aka3.doc payload over TCP port 1234
Established network channel over port 1234
[1]
Established C2 channel (192.168.0.5) via rcs.3aka3.doc payload over TCP port 1234
Established network channel over port 1234
[1]