Carbanak+FIN7
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
3.B.7
|
|
|
A General detection was generated when powershell.exe connected to 192.168.0.4 over a commonly used port.
[1]
|
|
powershell.exe transmits data to 192.168.0.4 over TCP
-
Process Monitoring
-
Network Monitoring
[1]
APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
1.A.3
|
|
|
Telemetry showed rcs.3aka3.doc connecting to 192.168.0.5 on TCP port 1234.
[1]
[2]
|
|
A Technique detection called "T1043: Commonly Used Port" showed rcs.3aka3.doc connecting to 192.168.0.5 on TCP port 1234.
[1]
|
|
Established C2 channel (192.168.0.5) via rcs.3aka3.doc payload over TCP port 1234
Established network channel over port 1234
[1]
[2]
Established C2 channel (192.168.0.5) via rcs.3aka3.doc payload over TCP port 1234
Established network channel over port 1234
[1]
APT3
|
The technique was not in scope.
|