Home >
Enterprise >
Participants >
FireEye >
Create Account (T1136)
|
|
See technique results for:
Carbanak+FIN7 |
||
The technique was not in scope. |
APT29 |
||||||||||
Step | ATT&CK Pattern |
|
||||||||
20.B.3
|
|
Procedure
Added a new user to the remote host Scranton (10.0.1.4) using net.exe
Criteria
net.exe adding the user Toby
Footnotes
- Though no image was captured, MITRE confirmed that the vendor has the capability to show available telemetry in a separate view.
APT3 |
||||||
Step | ATT&CK Pattern |
|
||||
7.A.1.1
|
|
Procedure
Added user Jesse to Conficker (10.0.0.5) through RDP connection
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.


[2]

