Application Layer Protocol (T1071)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 1.A.10 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 7.A.3 | Tactic: Command and Control (TA0011) |
| 8.A.2 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 12.A.3 | Tactic: Command and Control (TA0011) |
| 14.A.6 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 16.A.8 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 17.A.5 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 20.A.3 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 3.B.4 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 11.A.14 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |

APT3

| Step | ATT&CK Pattern |
|---|---|
| 1.C.1.2 | |
| 6.B.1.2 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 11.B.1.2 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |
| 14.A.1.3 | Tactic: Command and Control (TA0011); Subtechnique: Application Layer Protocol: Web Protocols (T1071.001) |

Procedure
Cobalt Strike: C2 channel established using DNS traffic to freegoogleadsenseinfo.com
Footnotes
- The vendor stated that DNS telemetry is captured but it was not immediately visible in the portal. The vendor made changes to the portal during the test to enable by default the visibility of these events.

