…arphishing attachments. [5] G0138 Andariel Andariel has conducted spearphishing campaigns that included malicious Word or Excel attachments. [6] [7] S0622 AppleSeed AppleSeed has been distributed to victims through malicious e-mail attachments. [8] G0099 APT-C-36 APT-C-36 has use…
…212 RansomHub RansomHub can use a proxy to connect to remote SFTP servers. [51] C0047 RedDelta Modified PlugX Infection Chain Operations Mustang Panda proxied communication through the Cloudflare CDN service during RedDelta Modified PlugX Infection Chain Operations. [52] S1187 reG…
…ctus Latrodectus has been executed through malicious links distributed in email campaigns. [52] [53] G0140 LazyScripter LazyScripter has relied upon users clicking on links to malicious files. [51] G0065 Leviathan Leviathan has sent spearphishing email links attempting to get a u…
…s: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020. Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020. Cristian Souza, Eduardo Ovalle, Ashley …
… Retrieved April 4, 2023. Sierra, E., Iglesias, G. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020. Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021. Miller-Osborn, J. and Grunzweig, J. (2017, March 30). T…
…. Retrieved May 26, 2020. Sierra, E., Iglesias, G. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020. ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23,…
… deliver malware. [30] S1039 Bumblebee Bumblebee has been spread through e-mail campaigns with malicious links. [31] [32] C0011 C0011 During C0011, Transparent Tribe sent emails containing a malicious link to student targets in India. [33] C0021 C0021 During C0021, the threat act…
…lnk) and/or Microsoft Office documents, sent via email as part of spearphishing campaigns. [152] [153] [154] [155] [156] S0455 Metamorfo Metamorfo requires the user to double-click the executable to run the malicious HTA file or to download a malicious installer. [157] [158] S112…
… used PowerShell to execute commands and to download malware. [257] [258] [259] C0047 RedDelta Modified PlugX Infection Chain Operations Mustang Panda used LNK files to execute PowerShell commands leading to eventual PlugX installation during RedDelta Modified PlugX Infection Cha…
…ra, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020. Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020. CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retriev…
…ra, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020. CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022. Schwarz, D. et al. (2019, October 16). TA505 Distributes New SD…