Scheduled Task/Job (T1053)

See technique results for:

Carbanak+FIN7
Step | ATT&CK Pattern |
11.A.8 |
12.A.1 |

APT29
The technique was not in scope.

APT3
Step | ATT&CK Pattern |
7.C.1 |
10.A.2 |

Procedure
Cobalt Strike: 'schtasks' via cmd to create scheduled task that executes a DLL payload (updater.dll)
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.

Procedure
Scheduled task executed when user Debbie logs on to Nimda (10.0.1.6), launching a DLL payload (updater.dll) using Rundll32