Permission Groups Discovery (T1069)

See technique results for:

Carbanak+FIN7: The technique was not in scope.

APT29 steps:
- 4.C.9
- 4.C.11

APT3 steps:
- 2.F.1
- 2.F.2
- 2.F.3
- 12.E.1.2
- 12.F.1
- 12.F.2

Procedure
Cobalt Strike: 'net localgroup administrators' via cmd
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.

Procedure
Cobalt Strike: 'net localgroup administrators -domain' via cmd

Procedure
Cobalt Strike: 'net group "Domain Admins" -domain' via cmd

Procedure
Empire: 'net group "Domain Admins" -domain' via PowerShell

Procedure
Empire: 'Net Localgroup Administrators' via PowerShell