BlackBerry Cylance
Remote System Discovery (T1018)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 4.A.2 | Tactic: Discovery (TA0007) |
| 5.B.7 | Tactic: Discovery (TA0007) |
| 6.A.2 | Tactic: Discovery (TA0007) |
| 15.A.8 | Tactic: Discovery (TA0007) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 8.A.1 | Tactic: Discovery (TA0007) |
| 16.A.1 | Tactic: Discovery (TA0007) |

Procedure
Enumerated remote systems using LDAP queries
Criteria
powershell.exe making LDAP queries over port 389 to the Domain Controller (10.0.0.4)
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.