Carbanak+FIN7

The technique was not in scope.

APT29

| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 3.B.3 | | | Telemetry showed powershell.exe connecting to 192.168.0.5 on port 443. The detection was correlated to a parent alert on rcs.3aka3.doc for the execution of a rogue unusual executable. [1] [2] |
| 11.A.13 | | | Telemetry showed powershell.exe making a network connection to the C2 (192.168.0.4) over port 443. [1] [2] |

Established C2 channel (192.168.0.5) via PowerShell payload over TCP port 443
Established network channel over port 443 [1] [2]

Established C2 channel (192.168.0.4) via PowerShell payload over port 443
Established network channel over port 443 [1] [2]