…pril 2025 Procedure Examples ID Name Description C0034 2022 Ukraine Electric Power Attack During the 2022 Ukraine Electric Power Attack, Sandworm Team deployed the GOGETTER tunneler software to establish a "Yamux" TLS-based C2 channel with an externa…
…ll scripts to run a credential harvesting tool in memory to evade defenses. [6] C0034 2022 Ukraine Electric Power Attack During the 2022 Ukraine Electric Power Attack, Sandworm Team utilized a PowerShell utility called TANKTRAP to spread and launch a wiper using Windows Group Po…
…s: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020. Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020. Cristian Souza, Eduardo Ovalle, Ashley …
C0034 2022 Ukraine Electric Power Attack During the 2022 Ukraine Electric Power Attack, Sandworm Team deployed the Neo-REGEORG webshell on an internet-facing server. [3] G1030 Agrius Agrius typically deploys a variant of the ASPXSpy web shell following initial access via exploit…
…Lazarus. Retrieved May 1, 2020. Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020. DFIR. (2022, April 25). Quantum Ransomware. Retrieved July 26, 2024. DFIR. (2021, March 29). Sodinokibi (aka REvil) Ranso…
… Retrieved April 4, 2023. Sierra, E., Iglesias, G. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020. Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021. Miller-Osborn, J. and Grunzweig, J. (2017, March 30). T…