GoSecure
Remote System Discovery (T1018)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 4.A.2 | Tactic: Discovery (TA0007) |
| 5.B.7 | Tactic: Discovery (TA0007) |
| 6.A.2 | Tactic: Discovery (TA0007) |
| 15.A.8 | Tactic: Discovery (TA0007) |

Criteria
powershell.exe executes Get-NetComputer to query LDAP (port 389) via a network connection to 10.0.0.4
Criteria
User kmitnick enumerates the domain controller via nslookup, which queries for the DC (10.0.0.4) over DNS (port 53)

APT29

| Step | ATT&CK Pattern |
|---|---|
| 8.A.1 | Tactic: Discovery (TA0007) |
| 16.A.1 | Tactic: Discovery (TA0007) |


APT3

| Step | ATT&CK Pattern |
|---|---|
| 4.A.1 | Tactic: Discovery (TA0007) |
| 4.A.2 | Tactic: Discovery (TA0007) |
| 13.A.1 | Tactic: Discovery (TA0007) |