FireEye
Command and Scripting Interpreter (T1059)

Carbanak+FIN7

Step | ATT&CK Pattern
1.A.3 |
1.A.7 |
1.A.8 |
1.A.9 | Tactic: Execution (TA0002); Subtechnique: Command and Scripting Interpreter: JavaScript/Jscript (T1059.007)
2.B.2 |
2.B.3 |
3.A.1 |
3.B.2 |
3.B.3 |
4.B.3 |
4.B.6 |
5.A.6 |
5.C.5 |
6.A.1 |
7.A.2 |
8.A.1 |
11.A.4 |
12.A.2 | Tactic: Execution (TA0002); Subtechnique: Command and Scripting Interpreter: JavaScript/Jscript (T1059.007)
13.A.2 |
13.B.2 |
13.B.3 |
14.A.1 |
14.A.2 |
14.A.4 |
15.A.4 |
16.A.3 |
17.A.3 |
19.B.1 |

APT29

Step | ATT&CK Pattern
1.B.1 |
1.B.2 |
4.A.2 |
9.B.1 |
11.A.12 |
20.A.3 |

Procedure
Spawned interactive powershell.exe
Criteria
powershell.exe spawning from cmd.exe
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.
Procedure
Spawned interactive powershell.exe
Criteria
powershell.exe spawning from powershell.exe
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.
Procedure
Executed PowerShell stager payload
Criteria
powershell.exe spawning from the schemas ADS (powershell.exe)
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.

APT3

Step | ATT&CK Pattern
1.A.1.3 |
11.A.1 |
12.E.1 |
15.A.1.1 |
16.F.1 | Tactic: Execution (TA0002)

Procedure
Empire: Built-in WinEnum module executed to programmatically execute a series of enumeration techniques
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.



