Malwarebytes
Exfiltration Over Command and Control Channel (T1041)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 2.B.5 | Tactic Exfiltration (TA0010) |
| 13.B.5 | Tactic Exfiltration (TA0010) |
| 20.B.5 | Tactic Exfiltration (TA0010) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 2.B.1 | Tactic Exfiltration (TA0010) |
| 9.B.8 | Tactic Command and Control (TA0011) |

Procedure
Read and downloaded ZIP (Draft.zip) over C2 channel (192.168.0.5 over TCP port 1234)
Criteria
The rcs.3aka3.doc process reading the file draft.zip while connected to the C2 channel
Footnotes
- Network data collection was not active at the time of the evaluation due to ongoing product enhancements.
Procedure
Read and downloaded ZIP (working.zip on Desktop) over C2 channel (192.168.0.5 over TCP port 8443)
Criteria
python.exe reading the file working.zip while connected to the C2 channel
Footnotes
- Network data collection was not active at the time of the evaluation due to ongoing product enhancements.