McAfee > Native API (T1106)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 3.B.6 | Tactic: Execution (TA0002) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 4.C.10 | Tactic: Execution (TA0002) |
| 4.C.12 | Tactic: Execution (TA0002) |
| 10.B.2 | Tactic: Execution (TA0002) |
| 16.B.2 | Tactic: Execution (TA0002) |

Procedure
Executed API call by reflectively loading Netapi32.dll
Criteria
The NetUserGetGroups API function loaded into powershell.exe from Netapi32.dll

APT3

The technique was not in scope.