Ingress Tool Transfer (T1105)
Carbanak+FIN7

| Step | ATT&CK Pattern |
|------|----------------|
| 2.B.1 | Tactic: Command and Control (TA0011) |
| 3.B.1 | Tactic: Command and Control (TA0011) |
| 4.B.1 | Tactic: Command and Control (TA0011) |
| 4.B.2 | Tactic: Command and Control (TA0011) |
| 5.A.1 | Tactic: Command and Control (TA0011) |
| 5.A.2 | Tactic: Command and Control (TA0011) |
| 5.A.3 | Tactic: Command and Control (TA0011) |
| 5.A.4 | Tactic: Command and Control (TA0011) |
| 5.A.5 | Tactic: Command and Control (TA0011) |
| 7.A.1 | Tactic: Command and Control (TA0011) |
| 7.C.1 | Tactic: Command and Control (TA0011) |
| 7.C.3 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.B.1 | Tactic: Command and Control (TA0011) |
| 10.A.1 | Tactic: Command and Control (TA0011) |
| 10.A.2 | Tactic: Command and Control (TA0011) |
| 12.B.1 | Tactic: Command and Control (TA0011) |
| 13.B.1 | Tactic: Command and Control (TA0011) |
| 15.A.2 | Tactic: Command and Control (TA0011) |
| 15.A.3 | Tactic: Command and Control (TA0011) |
| 16.A.1 | Tactic: Command and Control (TA0011) |
| 16.A.2 | Tactic: Command and Control (TA0011) |
| 17.A.1 | Tactic: Command and Control (TA0011) |
| 19.B.3 | Tactic: Command and Control (TA0011) |
| 19.B.4 | Tactic: Command and Control (TA0011) |
| 20.B.1 | Tactic: Command and Control (TA0011) |
| 20.B.3 | Tactic: Command and Control (TA0011) |

Criteria
powershell.exe downloads uac-samcats.ps1 from 192.168.0.4
Data Sources
- Process Monitoring
- Network Monitoring
- File Monitoring

APT29

| Step | ATT&CK Pattern |
|------|----------------|
| 3.A.1 | Tactic: Command and Control (TA0011) |
| 4.A.1 | Tactic: Command and Control (TA0011) |
| 8.B.1 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.A.2 | Tactic: Command and Control (TA0011) |
| 14.B.3 | Tactic: Command and Control (TA0011) |

APT3

| Step | ATT&CK Pattern |
|------|----------------|
| 7.B.1 | Tactic: Command and Control (TA0011) |
| 14.A.1.2 | Tactic: Command and Control (TA0011) |
| 16.E.1 | Tactic: Command and Control (TA0011) |
| 19.A.1.2 | Tactic: Command and Control (TA0011) |

Procedure
Empire: Built-in upload module executed to write malicious VBScript (autoupdate.vbs) to disk on CodeRed (10.0.1.5)
Footnotes
- Vendor modified configurations between scenario one and two, but MITRE assesses the change did not significantly affect results for this detection. See Configuration page for details.


Procedure
Empire: Built-in upload module executed to write binary (recycler.exe) to disk on CodeRed (10.0.1.5)
Footnotes
- The capability may have been modified after the start of the evaluation to create this alert, so the detection is identified as a configuration change. See Configuration page for details.




Procedure
Empire: Built-in upload module executed to write binary (recycler.exe) to disk on CodeRed (10.0.1.5)
Footnotes
- Vendor modified configurations between scenario one and two, but MITRE assesses the change did not significantly affect results for this detection. See Configuration page for details.



