Unsecured Credentials (T1552)
Carbanak+FIN7
The technique was not in scope.
APT29
| Step | ATT&CK Pattern |
|---|---|
| 6.A.1 | Tactic: Credential Access (TA0006); Subtechnique: Unsecured Credentials: Credentials in Files (T1552.001) |
| 6.B.1 | |
APT3
| Step | ATT&CK Pattern |
|---|---|
| 15.B.1 | Tactic: Credential Access (TA0006); Subtechnique: Unsecured Credentials: Credentials in Files (T1552.001) |
Procedure
Empire: 'get-content' via PowerShell to collect sensitive file (it_tasks.txt) from a network shared drive (Wormshare) on Conficker (10.0.0.5)
Footnotes
- Vendor modified configurations between scenario one and two, but MITRE assesses the change did not significantly affect results for this detection. See Configuration page for details.