APT29
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
7.B.4
|
|
|
An MSSP detection occurred containing evidence of OfficeSupplies.7z being uploaded to 192.168.0.4 using WebDAV.
[1]
|
None
(Delayed (Manual), Host Interrogation)
|
Minimum detection criteria were not met for this procedure.
[1]
|
|
Exfiltrated collection (OfficeSupplies.7z) to WebDAV network share using PowerShell
PowerShell executing Copy-Item pointing to an attacker-controlled WebDAV network share (192.168.0.4:80)
[1]