Carbanak+FIN7
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
|
|
|
A General detection named "Network connection by detected process" (Low) was generated when pscp.exe connected over SCP (port 22) to 10.0.0.7.
[1]
|
|
A General detection named "Pscp usage" (Low) was generated when pscp.exe connected over SCP (port 22) to 10.0.0.7.
[1]
|
|
|
|
A General detection named "Outbound connection by detected process" (Info) was generated when pscp.exe connected over SCP (port 22) to 10.0.0.7.
[1]
|
|
A General detection named "Suspicious network connection by detected process" (Low) was generated when pscp.exe connected over SCP (port 22) to 10.0.0.7.
[1]
|
|
|
|
|
A General detection named "Network connection by detected process" (Info) was generated when plink.exe connected over SSH (port 22) to 10.0.0.7.
[1]
|
|
A General detection named "Suspicious network connection by detected process " (Low) was generated when plink.exe connected over SSH (port 22) to 10.0.0.7.
[1]
|
|
|
|
Pscp.exe connects over SCP (port 22) to 10.0.0.7
-
Network Monitoring
-
Process Monitoring
[1]
Pscp.exe connects over SCP (port 22) to 10.0.0.7
[1]
Pscp.exe connects over SCP (port 22) to 10.0.0.7
-
Network Monitoring
-
Process Monitoring
[1]
Pscp.exe connects over SCP (port 22) to 10.0.0.7
-
Network Monitoring
-
Process Monitoring
[1]
Pscp.exe connects over SCP (port 22) to 10.0.0.7
-
Network Monitoring
-
Process Monitoring
[1]
plink.exe connects over SSH (port 22) to 10.0.0.7
-
Process Monitoring
-
Network Monitoring
[1]
plink.exe connects over SSH (port 22) to 10.0.0.7
-
Process Monitoring
-
Network Monitoring
[1]
plink.exe connects over SSH (port 22) to 10.0.0.7
-
Process Monitoring
-
Network Monitoring
[1]
APT29
|
The subtechnique was not in scope.
|
APT3
|
The subtechnique was not in scope.
|