Ingress Tool Transfer (T1105)

Carbanak+FIN7

Step | ATT&CK Pattern
2.B.1 | Tactic Command and Control (TA0011)
3.B.1 | Tactic Command and Control (TA0011)
4.B.1 | Tactic Command and Control (TA0011)
4.B.2 | Tactic Command and Control (TA0011)
5.A.1 | Tactic Command and Control (TA0011)
5.A.2 | Tactic Command and Control (TA0011)
5.A.3 | Tactic Command and Control (TA0011)
5.A.4 | Tactic Command and Control (TA0011)
5.A.5 | Tactic Command and Control (TA0011)
7.A.1 | Tactic Command and Control (TA0011)
7.C.1 | Tactic Command and Control (TA0011)
7.C.3 | Tactic Command and Control (TA0011)
9.A.1 | Tactic Command and Control (TA0011)
9.B.1 | Tactic Command and Control (TA0011)
10.A.1 | Tactic Command and Control (TA0011)
10.A.2 | Tactic Command and Control (TA0011)
12.B.1 | Tactic Command and Control (TA0011)
13.B.1 | Tactic Command and Control (TA0011)
15.A.2 | Tactic Command and Control (TA0011)
15.A.3 | Tactic Command and Control (TA0011)
16.A.1 | Tactic Command and Control (TA0011)
16.A.2 | Tactic Command and Control (TA0011)
17.A.1 | Tactic Command and Control (TA0011)
19.B.3 | Tactic Command and Control (TA0011)
19.B.4 | Tactic Command and Control (TA0011)
20.B.1 | Tactic Command and Control (TA0011)
20.B.3 | Tactic Command and Control (TA0011)

APT29

Step | ATT&CK Pattern
3.A.1 | Tactic Command and Control (TA0011)
4.A.1 | Tactic Command and Control (TA0011)
8.B.1 | Tactic Command and Control (TA0011)
9.A.1 | Tactic Command and Control (TA0011)
9.A.2 | Tactic Command and Control (TA0011)
14.B.3 | Tactic Command and Control (TA0011)

Procedure
Copied python.exe payload from a WebDAV share (192.168.0.4) to remote host Scranton (10.0.1.4)
Criteria
The file python.exe created on Scranton (10.0.1.4)

APT3

Step | ATT&CK Pattern
7.B.1 | Tactic Command and Control (TA0011)
14.A.1.2 | Tactic Command and Control (TA0011)
16.E.1 | Tactic Command and Control (TA0011)
19.A.1.2 | Tactic Command and Control (TA0011)