Home >
Enterprise >
Participants >
FireEye >
Data Staged (T1074)
|
|
See technique results for:
Carbanak+FIN7 |
||
The technique was not in scope. |
APT29 |
||||||||
Step | ATT&CK Pattern |
|
||||||
9.B.5
|
|
|||||||
17.B.2
|
|
Procedure
Staged files for exfiltration into ZIP (working.zip in AppData directory) using PowerShell
Criteria
powershell.exe creating the file working.zip
Footnotes
- The logic for this detection was enabled after the start of the evaluation so the detection is identified as a Detection Configuration Change.
APT3 |
||||||
Step | ATT&CK Pattern |
|
||||
18.B.1.1
|
|