Valid Accounts (T1078)
See technique results for:

| Evaluation | Steps |
| --- | --- |
| Carbanak+FIN7 | 4.A.4, 5.A.8, 5.B.2, 7.A.4, 7.B.2, 16.A.4, 19.A.1 |
| APT29 | 8.C.1, 16.C.2 |
| APT3 | 10.B.1.1, 16.B.1.1, 16.D.1.2 |

Procedure
RDP connection to Conficker (10.0.0.5) authenticated using previously added user Jesse
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.



Procedure
Empire: 'net use' via PowerShell to successfully authenticate to Creeper (10.0.0.4) using credentials of user Kmitnick