Process Injection (T1055)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 9.A.3 | Tactic: Defense Evasion (TA0005) |
| 16.A.7 | |
| 18.A.1 | Tactic: Defense Evasion (TA0005) |
| 18.A.3 | Tactic: Defense Evasion (TA0005) |
| 20.A.2 | Tactic: Defense Evasion (TA0005) |

APT29

The technique was not in scope.

APT3

| Step | ATT&CK Pattern |
|---|---|
| 3.C.1 | Tactic: Execution (TA0002) |
| 5.A.1.2 | Tactic: Execution (TA0002) |
| 5.A.2.2 | Tactic: Execution (TA0002) |
| 8.D.1.2 | Tactic: Execution (TA0002) |

Procedure
Cobalt Strike: Built-in process injection capability executed to inject callback into cmd.exe
Footnotes
- Process Injection attempt was audited by Exploit Guard. Vendor states that the Exploit Guard audit events demonstrate that execution would have been prevented if Export Address Table (EAF) was enabled in blocking mode.

