FireEye: Ingress Tool Transfer (T1105)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 2.B.1 | Tactic: Command and Control (TA0011) |
| 3.B.1 | Tactic: Command and Control (TA0011) |
| 4.B.1 | Tactic: Command and Control (TA0011) |
| 4.B.2 | Tactic: Command and Control (TA0011) |
| 5.A.1 | Tactic: Command and Control (TA0011) |
| 5.A.2 | Tactic: Command and Control (TA0011) |
| 5.A.3 | Tactic: Command and Control (TA0011) |
| 5.A.4 | Tactic: Command and Control (TA0011) |
| 5.A.5 | Tactic: Command and Control (TA0011) |
| 7.A.1 | Tactic: Command and Control (TA0011) |
| 7.C.1 | Tactic: Command and Control (TA0011) |
| 7.C.3 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.B.1 | Tactic: Command and Control (TA0011) |
| 10.A.1 | Tactic: Command and Control (TA0011) |
| 10.A.2 | Tactic: Command and Control (TA0011) |
| 12.B.1 | Tactic: Command and Control (TA0011) |
| 13.B.1 | Tactic: Command and Control (TA0011) |
| 15.A.2 | Tactic: Command and Control (TA0011) |
| 15.A.3 | Tactic: Command and Control (TA0011) |
| 16.A.1 | Tactic: Command and Control (TA0011) |
| 16.A.2 | Tactic: Command and Control (TA0011) |
| 17.A.1 | Tactic: Command and Control (TA0011) |
| 19.B.3 | Tactic: Command and Control (TA0011) |
| 19.B.4 | Tactic: Command and Control (TA0011) |
| 20.B.1 | Tactic: Command and Control (TA0011) |
| 20.B.3 | Tactic: Command and Control (TA0011) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 3.A.1 | Tactic: Command and Control (TA0011) |
| 4.A.1 | Tactic: Command and Control (TA0011) |
| 8.B.1 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.A.2 | Tactic: Command and Control (TA0011) |
| 14.B.3 | Tactic: Command and Control (TA0011) |

Procedure
Downloaded and dropped Mimikatz (m.exe) to disk
Criteria
powershell.exe downloading and/or the file write of m.exe
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.

APT3

| Step | ATT&CK Pattern |
|---|---|
| 7.B.1 | Tactic: Command and Control (TA0011) |
| 14.A.1.2 | Tactic: Command and Control (TA0011) |
| 16.E.1 | Tactic: Command and Control (TA0011) |
| 19.A.1.2 | Tactic: Command and Control (TA0011) |

Procedure
Empire: Built-in upload module executed to write binary (recycler.exe) to disk on CodeRed (10.0.1.5)
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.



