Secureworks
Ingress Tool Transfer (T1105)
APT29

| Step | ATT&CK Pattern |
|---|---|
| 3.A.1 | Tactic: Command and Control (TA0011) |
| 4.A.1 | Tactic: Command and Control (TA0011) |
| 8.B.1 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.A.2 | Tactic: Command and Control (TA0011) |
| 14.B.3 | Tactic: Command and Control (TA0011) |

Procedure
Dropped stage 2 payload (monkey.png) to disk
Criteria
The rcs.3aka3.doc process creating the file monkey.png
Procedure
Copied python.exe payload from a WebDAV share (192.168.0.4) to remote host Scranton (10.0.1.4)
Criteria
The file python.exe created on Scranton (10.0.1.4)
Procedure
Dropped rar.exe to disk on remote host Scranton (10.0.1.4)
Criteria
python.exe creating the file rar.exe
Procedure
Dropped sdelete.exe to disk on remote host Scranton (10.0.1.4)
Criteria
python.exe creating the file sdelete64.exe