Home >
Enterprise >
Participants >
Malwarebytes >
Remote Services: Windows Remote Management (T1021.006)
|
|
See subtechnique results for:
Carbanak+FIN7 |
||
The subtechnique was not in scope. |
APT29 |
||||
Step | ATT&CK Pattern |
|
||
8.A.2
|
|
|||
16.C.1
|
|
|||
20.B.2
|
|
Procedure
Established WinRM connection to remote host Scranton (10.0.1.4)
Criteria
Network connection to Scranton (10.0.1.4) over port 5985
Procedure
Established a WinRM connection to the domain controller host NewYork (10.0.0.4)
Criteria
Network connection to NewYork (10.0.0.4) over port 5985