Home >
Enterprise >
Participants >
Malwarebytes >
User Execution (T1204)
|
|
See technique results for:
Carbanak+FIN7 |
||||||
Step | ATT&CK Pattern |
|
||||
1.A.1
|
Tactic Execution (TA0002) |
|
||||
11.A.1
|
Tactic Execution (TA0002) |
|
APT29 |
||||
Step | ATT&CK Pattern |
|
||
1.A.1
|
|
|||
11.A.1
|
|
Procedure
User Oscar executed payload 37486-the-shocking-truth-about-election-rigging-in-america.rtf.lnk
Criteria
powershell.exe spawning from explorer.exe
Footnotes
- Updates to detections and logging were enabled after the start of the evaluation, so it is identified as a Detection Configuration Change.

