Home >
Enterprise >
Participants >
VMware Carbon Black >
Command and Scripting Interpreter: Windows Command Shell (T1059.003)
|
|
See subtechnique results for:
Carbanak+FIN7 |
||||||||||
Step | ATT&CK Pattern |
|
||||||||
1.A.8
|
|
|||||||||
2.B.2
|
|
|||||||||
3.A.1
|
|
|||||||||
3.B.2
|
|
|||||||||
4.B.6
|
|
|||||||||
5.A.6
|
|
|||||||||
5.C.5
|
|
|||||||||
7.A.2
|
|
|||||||||
13.A.2
|
|
|||||||||
13.B.2
|
|
|||||||||
14.A.1
|
|
|||||||||
16.A.3
|
|
|||||||||
17.A.3
|
|
APT29 |
||||||
Step | ATT&CK Pattern |
|
||||
1.B.1
|
|
Procedure
Spawned interactive cmd.exe
Criteria
cmd.exe spawning from the rcs.3aka3.doc process
Footnotes
- According to the vendor, the VMware Carbon Black Cloud could be configured to prevent this activity by implementing rules blocking Office documents or untrusted applications spawning command interpreters.


APT3 |
||||||
Step | ATT&CK Pattern |
|
||||
1.A.1.3
|
|