Trend Micro
Ingress Tool Transfer (T1105)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 2.B.1 | Tactic: Command and Control (TA0011) |
| 3.B.1 | Tactic: Command and Control (TA0011) |
| 4.B.1 | Tactic: Command and Control (TA0011) |
| 4.B.2 | Tactic: Command and Control (TA0011) |
| 5.A.1 | Tactic: Command and Control (TA0011) |
| 5.A.2 | Tactic: Command and Control (TA0011) |
| 5.A.3 | Tactic: Command and Control (TA0011) |
| 5.A.4 | Tactic: Command and Control (TA0011) |
| 5.A.5 | Tactic: Command and Control (TA0011) |
| 7.A.1 | Tactic: Command and Control (TA0011) |
| 7.C.1 | Tactic: Command and Control (TA0011) |
| 7.C.3 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.B.1 | Tactic: Command and Control (TA0011) |
| 10.A.1 | Tactic: Command and Control (TA0011) |
| 10.A.2 | Tactic: Command and Control (TA0011) |
| 12.B.1 | Tactic: Command and Control (TA0011) |
| 13.B.1 | Tactic: Command and Control (TA0011) |
| 15.A.2 | Tactic: Command and Control (TA0011) |
| 15.A.3 | Tactic: Command and Control (TA0011) |
| 16.A.1 | Tactic: Command and Control (TA0011) |
| 16.A.2 | Tactic: Command and Control (TA0011) |
| 17.A.1 | Tactic: Command and Control (TA0011) |
| 19.B.3 | Tactic: Command and Control (TA0011) |
| 19.B.4 | Tactic: Command and Control (TA0011) |
| 20.B.1 | Tactic: Command and Control (TA0011) |
| 20.B.3 | Tactic: Command and Control (TA0011) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 3.A.1 | Tactic: Command and Control (TA0011) |
| 4.A.1 | Tactic: Command and Control (TA0011) |
| 8.B.1 | Tactic: Command and Control (TA0011) |
| 9.A.1 | Tactic: Command and Control (TA0011) |
| 9.A.2 | Tactic: Command and Control (TA0011) |
| 14.B.3 | Tactic: Command and Control (TA0011) |

Procedure
Copied python.exe payload from a WebDAV share (192.168.0.4) to remote host Scranton (10.0.1.4)
Criteria
The file python.exe created on Scranton (10.0.1.4)
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.