Home >
Enterprise >
Participants >
GoSecure >
Lateral Tool Transfer (T1570)
|
|
Carbanak+FIN7 |
||||
Step | ATT&CK Pattern |
|
||
5.A.9
![]() |
Tactic Lateral Movement (TA0008) |
|
||
5.A.10
![]() |
Tactic Lateral Movement (TA0008) |
|
||
5.A.11
![]() |
Tactic Lateral Movement (TA0008) |
|
||
5.C.4
|
Tactic Lateral Movement (TA0008) |
|
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
16.D.1
|
Tactic Lateral Movement (TA0008) |
|
APT3 |
||||
Step | ATT&CK Pattern |
|
||
16.G.1
|
Tactic Lateral Movement (TA0008) |
|
Procedure
Empire: Built-in move capability executed to write malicious VBScript (update.vbs) to disk on Creeper (10.0.0.4)
Footnotes
- The condition contributing to enrichment may have been added to the capability's detection after the start of the evaluation, so the detection is identified as a configuration change. See Configuration page for details.

