This adversary emulation plan is derived from the original APT29 content developed and used in the 2019 ATT&CK Evaluations
APT29 operations have been separated into two scenarios, with steps and granular procedures contained within each.
We hope to capture the general structure of what is reported to have been seen being used by APT29.
The universal, technology-agnostic version of the APT29 emulation plan YAML has been provided as a starting point for machine parsing and execution of...
This content was developed as part of the APT29 ATT&CK Evaluations and includes both the resources used to
This repository contains the evals plugin for CALDERA. This plugin contains the TTPs used within the ATT&CK Evaluations round 2 (APT29) and round 1...
Before reporting an issue with GitHub, be sure that:
2016_United_States_presidential_election_-_Wikipedia.html
Staging payload for ADFS.
Please see the formal APT29 emulation document, which includes a break-down of the cited intelligence used for each step of this emulation.
Metasploit (https://github.com/rapid7/metasploit-framework)
Filename
Atomic Red Team (https://github.com/redcanaryco/atomic-red-team)
Please note that binary files hosted in Scenario_1 and Scenario_2 have been added to password protected zip files. The password for these files is
See for additional information.
Objectives: APT29 is thought to be an organized and well-resourced cyber threat actor whose collection objectives align with the interests of the...
Please see the formal APT29 Intelligence Summary which includes a break-down of the cited intelligence used for each step of this emulation.
Version
This adversary emulation plan is derived from the original Carbanak content developed and used in the
For the purpose of this emulation plan, Carbanak operations have been separated into 2 scenarios (detections and protections), with steps and...
The infrastructure listed below is specific to Scenario 1, and assumes that the target environment is configured to only capture detections, rather...
The infrastructure listed below is specific to Scenario 2, which assumes that protective/preventative actions may be performed within the target...
The universal, technology-agnostic version of the Carbanak emulation plan YAML has been provided as a starting point for machine parsing and execution...
Please note that binary executable files hosted here have been added to password protected zip files. The password for these files is "malware."
AttackKatz is a modified version of Mimikatz. For information on Mimikatz, please take a look at "HOWTO-Mimikatz.md".
mimikatz is a tool I've made to learn C and make some experiments with Windows security.
A repo for the ATT&CK Evals Carbanak C2 server
This UAC bypass relies on launching a native Windows process (performance monitor) and leveraging its default
The ATT&CK Evaluations Telemetry Generator (telemetry-generator.ps1) is a repeatable, adversary focused data creation mechanism to exercise a...
The emulation plans contain placeholders, such as <domain>, that represent values unique to the target environment that the plans are to be tested...
See for setup information.
Step 8
Step 10
On Kali box (192.168.0.4):
Objectives: Carbanak is a threat group who has been found to manipulate financial assets, such as by transferring funds from bank accounts or by...
Please see the formal Carbanak Intelligence Summary which includes a break-down of the cited intelligence used for each step of this emulation.
Version
This section contains YARA rules that can be used to identify files used during the Carbanak ATT&CK Evaluation scenario.
This section contains file hashes that can be used to verify the integrity of files used in this adversary emulation plan.
This adversary emulation plan is derived from the original FIN7 content developed and used in the 2020 ATT&CK Evaluations
For the purpose of this emulation plan, FIN7 operations have been separated into 2 scenarios (detections and protections), with steps and granular...
We hope to capture the general structure of what is reported to have been seen being used by FIN7.