Carbanak+FIN7

The subtechnique was not in scope.

APT29

| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 11.A.2 | | | A General alert detection (blue indicator) was generated identifying powershell.exe executing the schemas ADS with Get-Content and IEX as threat activity. [1] |
| | | | An MSSP detection for "NTFS File Attributes" was received that described a PowerShell script reading another script from the schemas Alternate Data Stream in 2016_United_States_presidential_election_-_Wikipedia.html and executing it via IEX. [1] |
| | | | A Technique alert detection (yellow indicator) for "NTFS File Attributes" was generated for 2016_UNITED_STATES_PRESIDENTIAL_ELECTION_-_WIKIPEDIA.HTML:SCHEMAS. [1] |

Executed an alternate data stream (ADS) using PowerShell
powershell.exe executing the schemas ADS via Get-Content and IEX
[1]