Carbanak+FIN7
|
The subtechnique was not in scope.
|
APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
7.B.4
|
|
General
(Alert, Configuration Change (Detections))
|
A General alert detection (low severity) was generated due to rundll32.exe connecting to 192.168.0.4 via WebDav.
[1]
|
|
Exfiltrated collection (OfficeSupplies.7z) to WebDAV network share using PowerShell
powershell executing Copy-Item pointing to an attack-controlled WebDav network share (192.168.0.4:80)
-
The vendor added a new detection for the technique.
[1]
APT3
|
The subtechnique was not in scope.
|