Malwarebytes: Encrypted Channel (T1573)

ATT&CK Evaluations (Enterprise), participant results for Malwarebytes. The rows below list every emulation step in which the adversary used an encrypted C2 channel, with the sub-technique each step maps to.
Carbanak+FIN7

| Step   | Tactic                       | ATT&CK Pattern                                         |
|--------|------------------------------|--------------------------------------------------------|
| 1.A.11 | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 8.A.3  | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 14.A.7 | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 16.A.9 | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 17.A.6 | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 20.A.4 | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
APT29

| Step    | Tactic                       | ATT&CK Pattern                                         |
|---------|------------------------------|--------------------------------------------------------|
| 1.A.4   | Command and Control (TA0011) | Encrypted Channel: Symmetric Cryptography (T1573.001)  |
| 3.B.5   | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
| 11.A.15 | Command and Control (TA0011) | Encrypted Channel: Asymmetric Cryptography (T1573.002) |
Procedure detail

Symmetric cryptography (T1573.001); this is the only symmetric row above, APT29 step 1.A.4. RC4 is a stream cipher with one shared key, so the same key encrypts on the implant and decrypts on the C2 server.

Procedure: Used RC4 stream cipher to encrypt C2 (192.168.0.5) traffic
Criteria: Evidence that the network data sent over the C2 channel is encrypted
Footnotes:
- Network data collection was not active at the time of the evaluation due to ongoing product enhancements.

Asymmetric cryptography (T1573.002); one of the T1573.002 rows above. HTTPS rides on TLS, whose handshake uses public-key cryptography to negotiate the session keys that then encrypt the C2 data.

Procedure: Used HTTPS to encrypt C2 (192.168.0.5) traffic
Criteria: Evidence that the network data sent over the C2 channel is encrypted
Footnotes:
- Network data collection was not active at the time of the evaluation due to ongoing product enhancements.
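The criterion is the same for both procedures: evidence that the bytes on the C2 channel are encrypted. The Python below is an added example, not code from the ATT&CK Evaluations page or from Malwarebytes. It reproduces both procedure types on constructed traffic (an HTTP beacon encrypted with a minimal RC4 for the symmetric row, and a TLS application-data record standing in for HTTPS) and then runs the kind of check an analyst applies to captured payload bytes when network telemetry is available: a Shannon-entropy test that separates cleartext from custom-encrypted payloads, and a TLS record-header test for HTTPS. The key, the beacon fields and the use of 192.168.0.5 as the destination are constructed test values; the 6.0 bits-per-byte threshold and the 64-byte minimum length are assumptions, not parameters of the evaluation.

```python
"""Added example (not from the ATT&CK Evaluations page or Malwarebytes).

Builds the "evidence that the C2 channel is encrypted" check on constructed
traffic: an RC4-encrypted HTTP beacon (symmetric, T1573.001) and a TLS
application-data record standing in for HTTPS (asymmetric, T1573.002).
"""
import math
from collections import Counter


def rc4_keystream(key: bytes):
    """RC4 key scheduling (KSA) followed by the keystream generator (PRGA).
    RC4 is a broken cipher; it is reproduced only because the emulated
    procedure uses it, not as a recommendation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; because RC4 is symmetric the same call
    both encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_tls_record(data: bytes) -> bool:
    """TLS record header: type 0x16 (handshake) or 0x17 (application data)
    and wire version 0x03 0x01..0x04 (TLS 1.0 through 1.3)."""
    return (len(data) >= 5 and data[0] in (0x16, 0x17)
            and data[1] == 0x03 and 0x01 <= data[2] <= 0x04)


def classify_payload(data: bytes, threshold: float = 6.0, min_len: int = 64) -> str:
    """'tls' for an HTTPS-style record, 'high-entropy' for bytes that look
    encrypted under a custom scheme, 'cleartext' otherwise. The threshold and
    minimum length are assumptions; very short buffers are not judged because
    their entropy estimate is not meaningful."""
    if looks_like_tls_record(data):
        return "tls"
    if len(data) >= min_len and shannon_entropy(data) >= threshold:
        return "high-entropy"
    return "cleartext"


# Constructed samples: a cleartext HTTP beacon to the lab C2 address, the same
# beacon under RC4 with a test key, and a TLS-looking record whose body is
# opaque filler (real TLS application data is AEAD ciphertext, also opaque).
SAMPLE_KEY = b"constructed-test-key"
_BODY = (b"id=4f2a9c&host=SCRANTON-WS01&user=pbeesly&os=Windows+10&"
         b"proc=explorer.exe&proc=outlook.exe&proc=cmd.exe&uptime=36011&task=none")
BEACON_PLAINTEXT = (
    b"POST /update/check HTTP/1.1\r\n"
    b"Host: 192.168.0.5\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY
)
BEACON_CIPHERTEXT = rc4(SAMPLE_KEY, BEACON_PLAINTEXT)
TLS_SAMPLE = (b"\x17\x03\x03" + (300).to_bytes(2, "big")
              + rc4(b"filler-key", bytes(300)))


def assess_channel(samples: dict) -> dict:
    """Run the classifier over named payloads and return each verdict."""
    return {name: classify_payload(p) for name, p in samples.items()}


if __name__ == "__main__":
    verdicts = assess_channel({
        "plain beacon": BEACON_PLAINTEXT,
        "rc4 beacon": BEACON_CIPHERTEXT,
        "tls record": TLS_SAMPLE,
    })
    for name, verdict in verdicts.items():
        print(f"{name:13s} {verdict}  entropy={shannon_entropy(verdicts and globals()[name.replace(' ', '_').upper() if False else 'BEACON_PLAINTEXT']):.2f}" if False else f"{name:13s} {verdict}")
```

Two caveats on reading the verdicts. High entropy alone does not prove encryption (compressed or packed data scores the same), so the entropy verdict is evidence to be paired with the destination and the absence of a recognisable protocol, not a detection on its own. For the HTTPS rows the encryption itself is expected behaviour on any network; the evidence the criterion asks for is the TLS session to the C2 host, which is why the footnote about inactive network data collection matters for both procedures.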