Home >
Enterprise >
Participants >
FireEye >
Non-Application Layer Protocol (T1095)
|
|
See technique results for:
Carbanak+FIN7 |
||||
Step | ATT&CK Pattern |
|
||
3.B.7
|
Tactic Command and Control (TA0011) |
|
APT29 |
||||||||
Step | ATT&CK Pattern |
|
||||||
1.A.3
|
Tactic Command and Control (TA0011) |
|
Procedure
Established C2 channel (192.168.0.5) via rcs.3aka3.doc payload over TCP port 1234
Criteria
Established network channel over port 1234
Footnotes
- The logic for this detection was enabled after the start of the evaluation so the detection is identified as a Detection Configuration Change.


APT3 |
||
The technique was not in scope. |