Home >
Enterprise >
Participants >
RSA >
Lateral Movement (TA0008)
|
|
APT3 |
||||
Step | ATT&CK Pattern |
|
||
6.C.1
|
|
|||
10.B.1.2
|
|
|||
16.A.1.2
|
Technique Remote Services (T1021) Subtechnique Remote Services: SMB/Windows Admin Shares (T1021.002) |
|
||
16.B.1.2
|
Technique Remote Services (T1021) Subtechnique Remote Services: SMB/Windows Admin Shares (T1021.002) |
|
||
16.D.1.1
|
Technique Remote Services (T1021) Subtechnique Remote Services: SMB/Windows Admin Shares (T1021.002) |
|
||
16.G.1
|
Technique Lateral Tool Transfer (T1570) |
|
||
20.A.1.2
|
|
Procedure
Empire: Built-in move capability executed to write malicious VBScript (update.vbs) to disk on Creeper (10.0.0.4)