Carbanak+FIN7
|
Step
|
ATT&CK Pattern
|
Detection Type |
Detection Note |
|
17.A.4
|
|
|
|
|
A Technique detection named "Hijack Execution Flow (T1574) | DLL Search Order Hijacking (T1574.001)" was generated when SystemPropertiesAdvanced.exe executed code in the illegitimate srrstr.dll.
[1]
|
|
SystemPropertiesAdvanced.exe executes code in the illegitimate srrstr.dll
-
Process Monitoring
-
DLL Monitoring
[1]
SystemPropertiesAdvanced.exe executes code in the illegitimate srrstr.dll
-
DLL Monitoring
-
Process Monitoring
[1]
APT29
|
The subtechnique was not in scope.
|
APT3
|
The subtechnique was not in scope.
|