Carbanak+FIN7

The subtechnique was not in scope.

APT29

The subtechnique was not in scope.

APT3

| Step | ATT&CK Pattern | Detection Type | Detection Note |
|---|---|---|---|
| 1.C.1.2 | | Specific Behavior (Delayed) | The Managed Defense Report indicated a Specific Behavior occurred because it identified that command and control occurred via DNS. |
| | | | An Indicator of Compromise alert was generated for the hardcoded DNS record name syntax in the DNS lookups for freegoogleadsenseinfo.com (C2 domain). The alert was also tagged with the correct ATT&CK Technique (T1071 - Standard Application Layer Protocol) and Tactic (Command and Control). |

Cobalt Strike: C2 channel established using DNS traffic to freegoogleadsenseinfo.com

- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.