Carbanak+FIN7
Step | ATT&CK Pattern | Detection Type | Detection Note
19.A.3 | | | A Technique detection named "ProxySettingsChanged" was generated when itadmin alerted ProxySettingsChanged with command Wpadroxy showing syspropadv process modifying settings earlier in execution. [1] [2]
itadmin (10.0.1.6) is relaying RDP traffic from attacker infrastructure
[1]
[2]
APT29
The technique was not in scope.
APT3
The technique was not in scope.