Exfiltration Over Alternative Protocol (T1048)
See technique results for:

Carbanak+FIN7
The technique was not in scope.

APT29
Step | ATT&CK Pattern
7.B.4 |

APT3
Step | ATT&CK Pattern
19.C.1 | Tactic Exfiltration (TA0010)
Procedure
Empire: Sequence of 'echo' commands via PowerShell to populate commands in a text file (ftp.txt), which is then executed by FTP to exfiltrate data over a network connection separate from the existing C2 channel
Footnotes
- The telemetry behind each enrichment is separately available in the capability. This is counted as a separate detection because the functionality was shown to MITRE throughout the evaluation, though a screenshot was not taken in this instance.