Home >
Enterprise >
Participants >
RSA >
Execution (TA0002)
|
|
APT3 |
||||
Step | ATT&CK Pattern |
|
||
1.A.1.1
|
|
|||
1.A.1.2
|
Technique Signed Binary Proxy Execution (T1218) Subtechnique Signed Binary Proxy Execution: Rundll32 (T1218.011) |
|
||
1.A.1.3
|
|
|||
3.C.1
|
Technique Process Injection (T1055) |
|
||
5.A.1.2
|
Technique Process Injection (T1055) |
|
||
5.A.2.2
|
Technique Process Injection (T1055) |
|
||
7.A.1.2
|
Technique Graphical User Interface (T1061) |
|
||
7.C.1
|
|
|||
8.D.1.2
|
Technique Process Injection (T1055) |
|
||
10.A.2
|
|
|||
11.A.1
|
|
|||
12.E.1
|
|
|||
16.F.1
|
|
|||
16.L.1
|
|
Procedure
Microsoft Management Console (Local Users and Groups snap-in) GUI utility used to add new user through RDP connection