Carbanak+FIN7
|
The technique was not in scope.
|
APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
2.A.2
|
|
|
Telemetry showed powershell.exe executing Get-ChildItem.
[1]
[2]
|
|
An MSSP detection for Collection occurred containing evidence that "PowerShell ran commands to query files with multiple extensions and compressed the found files into a zip file."
[1]
|
|
9.B.3
|
|
|
Telemetry showed powershell.exe executing ChildItem.
[1]
|
|
Scripted search of filesystem for document and media files using PowerShell
powershell.exe executing (Get-)ChildItem
[1]
[2]
Scripted search of filesystem for document and media files using PowerShell
powershell.exe executing (Get-)ChildItem
[1]
Scripted search of filesystem for document and media files using PowerShell
powershell.exe executing (Get-)ChildItem
[1]
APT3
|
The technique was not in scope.
|