Home >
Enterprise >
Participants >
VMware Carbon Black >
Non-Application Layer Protocol (T1095)
|
|
See technique results for:
Carbanak+FIN7 |
||||
Step | ATT&CK Pattern |
|
||
3.B.7
|
Tactic Command and Control (TA0011) |
|
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
1.A.3
|
Tactic Command and Control (TA0011) |
|
Procedure
Established C2 channel (192.168.0.5) via rcs.3aka3.doc payload over TCP port 1234
Criteria
Established network channel over port 1234
Footnotes
- According to the vendor, the VMware Carbon Black Cloud could be configured to prevent this activity by implementing rules blocking Office Documents making network connections.


[2]


APT3 |
||
The technique was not in scope. |