OTRF / detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
GNU General Public License v3.0

17.B) Data from Local System, Data Staged #41

Open Cyb3rWard0g opened 4 years ago

Cyb3rWard0g commented 4 years ago

Description

The attacker collects (T1005) and stages (T1074) a file of interest.

```powershell
New-Item -Path "C:\Windows\Temp\" -Name "WindowsParentalControlMigration" -ItemType "directory"
Copy-Item "C:\Users\dschrute\Documents\MITRE-ATTACK-EVALS.HTML" -Destination "C:\Windows\Temp\WindowsParentalControlMigration"
```
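One way to hunt for this step in PowerShell script block logs (event 4104), added here as an example and not code from the issue or the project: it flags a `Copy-Item` from a user data folder into `C:\Windows\Temp` and notes whether the destination directory was created by an earlier `New-Item` on the same host. The event field names, host names, timestamps, the `alice` event, the Desktop/Downloads source folders and the function names `parse_cmd` and `find_staging` are assumptions.

```python
import ntpath
import re
# Constructed sample events (not from the hackathon dataset); field names
# assume script block logging (event 4104). Desktop/Downloads are assumed extras.
SAMPLE_EVENTS = [
    {"@timestamp": "2020-05-02T03:20:01Z", "Hostname": "WKSTN-A", "EventID": 4104,
     "ScriptBlockText": r'New-Item -Path "C:\Windows\Temp\" -Name "WindowsParentalControlMigration" -ItemType "directory"'},
    {"@timestamp": "2020-05-02T03:20:05Z", "Hostname": "WKSTN-A", "EventID": 4104,
     "ScriptBlockText": r'Copy-Item "C:\Users\dschrute\Documents\MITRE-ATTACK-EVALS.HTML" -Destination "C:\Windows\Temp\WindowsParentalControlMigration"'},
    {"@timestamp": "2020-05-02T03:25:00Z", "Hostname": "WKSTN-B", "EventID": 4104,
     "ScriptBlockText": r'Copy-Item -Path "C:\Users\alice\Documents\notes.txt" -Destination "D:\Backup"'},
]
STAGING_ROOTS = ("c:\\windows\\temp\\",)  # path from the issue; extend per environment
USER_DATA = re.compile(r"^c:\\users\\[^\\]+\\(documents|desktop|downloads)\\", re.I)
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def norm(path):
    """Lower-case and force one trailing backslash so prefix checks are exact."""
    return path.lower().rstrip("\\") + "\\"

def parse_cmd(line):
    """Split one cmdlet call into (cmdlet, positional args, named params)."""
    toks = [quoted or bare for quoted, bare in TOKEN.findall(line)]
    pos, named, key = [], {}, None
    for tok in toks[1:]:
        if key:
            named[key], key = tok, None
        elif tok.startswith("-"):
            key = tok[1:].lower()
        else:
            pos.append(tok)
    return toks[0].lower(), pos, named

def find_staging(events):
    """Flag Copy-Item from a user data folder into a staging root."""
    new_dirs, hits = set(), []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        lines = ev["ScriptBlockText"].splitlines() if ev.get("EventID") == 4104 else []
        for line in filter(str.strip, lines):
            cmd, pos, named = parse_cmd(line)
            if cmd == "new-item" and named.get("itemtype", "").lower() == "directory":
                made = ntpath.join(named.get("path", ""), named.get("name", ""))
                new_dirs.add((ev["Hostname"], norm(made)))
            elif cmd == "copy-item":
                src = named.get("path") or (pos.pop(0) if pos else "")
                dst = norm(named.get("destination") or (pos.pop(0) if pos else ""))
                if USER_DATA.match(src) and dst.startswith(STAGING_ROOTS):
                    fresh = (ev["Hostname"], dst) in new_dirs
                    hits.append({"host": ev["Hostname"], "src": src, "dst": dst, "fresh_dir": fresh})
    return hits
```

The tokenizer handles one cmdlet call per line and does not resolve aliases or obfuscated script blocks, so file-creation telemetry for the same paths is a useful cross-check.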