User Execution: Malicious File (T1204.002)

See subtechnique results for:

Carbanak+FIN7
The subtechnique was not in scope.

APT29
Step | ATT&CK Pattern
1.A.1 |
11.A.1 |

APT3
Step | ATT&CK Pattern
1.A.1.1 |

Procedure
Legitimate user Debbie clicked and executed a malicious self-extracting archive (Resume Viewer.exe) on 10.0.1.6 (Nimda).
Footnotes
- Resume Viewer.exe was audited by Exploit Guard and the vendor stated that the audit events demonstrate that execution would have been prevented if Attack Surface Reduction (ASR) was enabled in blocking mode.

