Commonly Used Port (T1043)
Carbanak+FIN7
The technique was not in scope.
APT29
Step | ATT&CK Pattern
3.B.3 | Tactic Command and Control (TA0011)
11.A.13 | Tactic Command and Control (TA0011)
Procedure
Established C2 channel (192.168.0.4) via PowerShell payload over port 443
Criteria
Established network channel over port 443
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.
APT3
Step | ATT&CK Pattern
1.C.1.1 | Tactic Command and Control (TA0011)
6.B.1.1 | Tactic Command and Control (TA0011)
11.B.1.1 | Tactic Command and Control (TA0011)
14.A.1.4 | Tactic Command and Control (TA0011)
Procedure
Cobalt Strike: C2 channel established using port 53
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.


Procedure
Cobalt Strike: C2 channel modified to use port 80
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.


Procedure
Empire: C2 channel established using port 443
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.


Procedure
Empire: UAC bypass module downloaded a new Empire stager (wdbypass) over port 8080
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.

