APT29

| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 6.A.3 | | | An MSSP detection contained evidence showing accesschk.exe is not the legitimate Sysinternals tool. [1] |
| | | | Telemetry showed the hash of accesschk.exe, which can be used to verify that it is not the legitimate Sysinternals tool. [1] |

Masqueraded a Chrome password dump tool as accesschk.exe, a legitimate Sysinternals tool
Evidence that accesschk.exe is not the legitimate Sysinternals tool
[1]