Remote System Discovery (T1018)
Carbanak+FIN7

Step | ATT&CK Pattern |
4.A.2 | Tactic Discovery (TA0007) |
5.B.7 | Tactic Discovery (TA0007) |
6.A.2 | Tactic Discovery (TA0007) |
15.A.8 | Tactic Discovery (TA0007) |

APT29

Step | ATT&CK Pattern |
8.A.1 | Tactic Discovery (TA0007) |
16.A.1 | Tactic Discovery (TA0007) |

Procedure
Enumerated remote systems using LDAP queries
Criteria
powershell.exe making LDAP queries over port 389 to the Domain Controller (10.0.0.4)
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.
Procedure
Enumerated the domain controller host NewYork (10.0.0.4) using LDAP queries
Criteria
powershell.exe making LDAP queries over port 389 via functions from System.DirectoryServices.dll
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.
APT3

Step | ATT&CK Pattern |
4.A.1 | Tactic Discovery (TA0007) |
4.A.2 | Tactic Discovery (TA0007) |
13.A.1 | Tactic Discovery (TA0007) |

Procedure
Cobalt Strike: 'net group "Domain Controllers" -domain' via cmd
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.


Procedure
Cobalt Strike: 'net group "Domain Computers" -domain' via cmd
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.


Procedure
Empire: 'net group "Domain Computers" -domain' via PowerShell
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.

