CrowdStrike
Application Layer Protocol: DNS (T1071.004)
See subtechnique results for:
Carbanak+FIN7: The subtechnique was not in scope.
APT29: The subtechnique was not in scope.
APT3:
Step: 1.C.1.2
Procedure: Cobalt Strike: C2 channel established using DNS traffic to freegoogleadsenseinfo.com
Footnotes
- For any alert in the user interface, the telemetry behind it is separately available in the capability. This is counted as a separate detection because the functionality was shown to MITRE throughout the evaluation, though a screenshot was not taken in this instance.



