APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
5.A.1
|
|
|
An MSSP detection contained evidence of the creation of the javamtsup service.
[1]
|
|
Telemetry showed a registry event for the creation of javamtsup service. The event was correlated to a parent General detection for suspicious PowerShell.
[1]
[2]
|
|
Created a new service (javamtsup) that executes a service binary (javamtsup.exe) at system startup
powershell.exe creating the Javamtsup service
[1]
Created a new service (javamtsup) that executes a service binary (javamtsup.exe) at system startup
powershell.exe creating the Javamtsup service
[1]
[2]