Carbanak+FIN7
| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 6.A.3 | | | A General detection named "PowerShell/RiskWare.PowerSploit.D" (Threat) was generated when PowerSploit malware was identified. [1] |
| | | | A Technique detection named "PowerView cmdlet name in AMSI" (Warning) was generated when a PowerView cmdlet (Get-NetUser) was identified in memory. [1] [2] |
PowerShell executes Get-NetUser
- Process Monitoring
- Script Logs