…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Roccia, T., …
…eates run key Registry entries pointing to malicious DLLs dropped to disk. [44] G0060 BRONZE BUTLER BRONZE BUTLER has used a batch script that adds a Registry Run key to establish malware persistence. [45] S0471 build_downer build_downer has the ability to add itself to the Regis…
… Graph API. [49] S0635 BoomBox BoomBox has used HTTP POST requests for C2. [50] G0060 BRONZE BUTLER BRONZE BUTLER malware has used HTTP for C2. [51] S1063 Brute Ratel C4 Brute Ratel C4 can use HTTP and HTTPS for C2 communication. [52] [53] S0043 BUBBLEWRAP BUBBLEWRAP can communi…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Mercer, W., et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020. Gorelik, M. (…
…execute arbitrary commands and utilize the "ComSpec" environment variable. [59] G0060 BRONZE BUTLER BRONZE BUTLER has used batch scripts and the command-line interface for execution. [60] S1063 Brute Ratel C4 Brute Ratel C4 can use cmd.exe for execution. [61] S1039 Bumblebee Bumb…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Kasza, A., H…
…eates run key Registry entries pointing to malicious DLLs dropped to disk. [51] G0060 BRONZE BUTLER BRONZE BUTLER has used a batch script that adds a Registry Run key to establish malware persistence. [52] S0471 build_downer build_downer has the ability to add itself to the Regis…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retri…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Insikt Group…
…FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016. Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. Retrieved July 15, 20…
…ucts. [7] S0252 Brave Prince Brave Prince terminates antimalware processes. [8] G0060 BRONZE BUTLER BRONZE BUTLER has incorporated code into several tools that attempts to terminate anti-virus processes. [9] S0482 Bundlore Bundlore can change browser security settings to enable e…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Meltzer, M., et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…
…ownload files. [64] S0204 Briba Briba downloads files onto infected hosts. [65] G0060 BRONZE BUTLER BRONZE BUTLER has used various tools to download files, including DGet (a similar tool to wget). [66] S0471 build_downer build_downer has the ability to download files from C2 to t…
…ts. [18] S0252 Brave Prince Brave Prince terminates antimalware processes. [19] G0060 BRONZE BUTLER BRONZE BUTLER has incorporated code into several tools that attempts to terminate anti-virus processes. [20] S0482 Bundlore Bundlore can change browser security settings to enable …