APT29
| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 8.C.1 | | | Telemetry showed a valid logon on Scranton (10.0.1.4) as user Pam. [1] [2] |
| 8.C.1 | | | An MSSP detection occurred containing evidence of a valid logon on Scranton (10.0.1.4) as user Pam. [1] |
| 16.C.2 | | | Telemetry showed a successful logon on NewYork (10.0.0.4) as user MScott. [1] |
| 16.C.2 | | | An MSSP detection contained evidence of the successful logon of MScott on NewYork (10.0.0.4). [1] |

Logged on to remote host Scranton (10.0.1.4) using valid credentials for user Pam
Successful logon as user Pam on Scranton (10.0.1.4)
Logged on to the domain controller host NewYork (10.0.0.4) using valid credentials for user MScott
Successful logon as user MScott on NewYork (10.0.0.4)