…ntrusion operations. [60] [61] S0185 SEASHARPEE SEASHARPEE is a Web shell. [54] C0058 SharePoint ToolShell Exploitation During SharePoint ToolShell Exploitation, threat actors followed exploitation of SharePoint servers with installation of a malicious .aspx web shell (spinstall…
… and comsvcs.dll to dump Windows credentials from system memory. [97] [98] [99] C0058 SharePoint ToolShell Exploitation During SharePoint ToolShell Exploitation, threat actors used Mimikatz to dump LSASS memory. [100] G0091 Silence Silence has used the Farse6.1 utility (based on…
Command and Scripting Interpreter: PowerShell, Sub-technique T1059.001 - Enterprise | MITRE ATT&CK®
https://attack.mitre.org/techniques/T1059/001
…to execute a PowerShell script to get information from the infected host. [271] C0058 SharePoint ToolShell Exploitation During SharePoint ToolShell Exploitation, threat actors used PowerShell to execute attacker-controlled encoded commands. [272] [273] [274] [275] S0546 SharpSta…