Home >
Enterprise >
Participants >
Bitdefender >
Remote System Discovery (T1018)
|
|
Carbanak+FIN7 |
||||||||||||
Step | ATT&CK Pattern |
|
||||||||||
4.A.2
|
Tactic Discovery (TA0007) |
|
||||||||||
5.B.7
![]() |
Tactic Discovery (TA0007) |
|
||||||||||
6.A.2
|
Tactic Discovery (TA0007) |
|
||||||||||
15.A.8
|
Tactic Discovery (TA0007) |
|
APT29 |
||||
Step | ATT&CK Pattern |
|
||
8.A.1
|
Tactic Discovery (TA0007) |
|
||
16.A.1
|
Tactic Discovery (TA0007) |
|
Procedure
Enumerated remote systems using LDAP queries
Criteria
powershell.exe making LDAP queries over port 389 to the Domain Controller (10.0.0.4)
Footnotes
- The logic for this detection was enabled after the start of the evaluation so the detection is identified as a Detection Configuration Change.

