Exfiltration Over Alternative Protocol (T1048)
See technique results for:
Carbanak+FIN7: The technique was not in scope.
APT29:
Step 7.B.4
Procedure
Exfiltrated collection (OfficeSupplies.7z) to WebDAV network share using PowerShell
Criteria
powershell executing Copy-Item pointing to an attack-controlled WebDav network share (192.168.0.4:80)
Footnotes
- The logic for this detection was enabled after the start of the evaluation so the detection is identified as a Detection Configuration Change.



