Home >
Enterprise >
Participants >
GoSecure >
Exfiltration (TA0010)
|
|
See tactic results for:
Carbanak+FIN7 |
||||||
Step | ATT&CK Pattern |
|
||||
2.B.5
|
|
|||||
13.B.5
|
|
|||||
20.B.4
|
Technique Archive Collected Data (T1560) Subtechnique Archive Collected Data: Archive via Utility (T1560.001) |
|
||||
20.B.5
|
|
APT29 |
||||
Step | ATT&CK Pattern |
|
||
2.B.1
|
|
|||
7.B.4
|
|
|||
18.A.2
|
|
APT3 |
||||
Step | ATT&CK Pattern |
|
||
9.B.1.2
|
|
|||
19.C.1
|
|
Procedure
Empire: Sequence of 'echo' commands via PowerShell to populate commands in text file (ftp.txt), which is then executed by FTP to exfil data through network connection separate of existing C2 channel
Footnotes
- Vendor modified configurations between scenario one and two, but MITRE assesses the change did not significantly affect results for this detection. See Configuration page for details.