Home >
Enterprise >
Participants >
VMware Carbon Black >
Commonly Used Port (T1043)
|
|
Carbanak+FIN7 |
||
The technique was not in scope. |
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
3.B.3
|
Tactic Command and Control (TA0011) |
|
||||
11.A.13
|
Tactic Command and Control (TA0011) |
|
Procedure
Established C2 channel (192.168.0.5) via PowerShell payload over TCP port 443
Criteria
Established network channel over port 443
Footnotes
- According to the vendor, the VMware Carbon Black Cloud could be configured to prevent this activity by implementing rules blocking powershell making network connections.


Procedure
Established C2 channel (192.168.0.4) via PowerShell payload over port 443
Criteria
Established network channel over port 443
Footnotes
- According to the vendor, the VMware Carbon Black Cloud could be configured to prevent this activity by implementing rules blocking powershell making network connections.


APT3 |
||||||
Step | ATT&CK Pattern |
|
||||
1.C.1.1
|
Tactic Command and Control (TA0011) |
|
||||
6.B.1.1
|
Tactic Command and Control (TA0011) |
|
||||
11.B.1.1
|
Tactic Command and Control (TA0011) |
|
||||
14.A.1.4
|
Tactic Command and Control (TA0011) |
|