Process Injection (T1055)

Carbanak+FIN7

| Step | ATT&CK Pattern |
| --- | --- |
| 9.A.3 | Tactic: Defense Evasion (TA0005) |
| 16.A.7 | |
| 18.A.1 | Tactic: Defense Evasion (TA0005) |
| 18.A.3 | Tactic: Defense Evasion (TA0005) |
| 20.A.2 | Tactic: Defense Evasion (TA0005) |

APT29

The technique was not in scope.

APT3

| Step | ATT&CK Pattern |
| --- | --- |
| 3.C.1 | Tactic: Execution (TA0002) |
| 5.A.1.2 | Tactic: Execution (TA0002) |
| 5.A.2.2 | Tactic: Execution (TA0002) |
| 8.D.1.2 | Tactic: Execution (TA0002) |

Procedure
Cobalt Strike: Built-in process injection capability executed to inject callback into cmd.exe
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.
- The vendor stated the process injection detection capability is a HX plugin that is only available within the Managed Defense Service, and the data is reported to a separate cloud server which is not accessible to customers at this time.



