…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Roccia, T., …
…lware using spearphishing emails with malicious HWP attachments. [31] [32] [33] G0082 APT38 APT38 has conducted spearphishing campaigns using malicious email attachments. [34] G0087 APT39 APT39 leveraged spearphishing emails with malicious attachments to initially compromise vict…
…ks to malicious HTML applications delivered via spearphishing emails. [10] [11] G0082 APT38 APT38 has used links to execute a malicious Visual Basic script. [12] G0087 APT39 APT39 has sent spearphishing emails in an attempt to lure users to click on a malicious link. [13] [14] S0…
…erShell to download files from the C2 server and run various scripts. [20] [21] G0082 APT38 APT38 has used PowerShell to execute commands and other operational tasks. [22] G0087 APT39 APT39 has used PowerShell to execute malicious code. [23] [24] G0096 APT41 APT41 leveraged Power…
…ility to identify the installed anti-virus product on the compromised host. [2] G0082 APT38 APT38 has identified security software, configurations, defensive tools, and sensors installed on a compromised system. [3] S0373 Astaroth Astaroth checks for the presence of Avast antivir…
…nd leveraged publicly-available tools for early intrusion activities. [14] [15] G0082 APT38 APT38 has obtained and used open-source tools such as Mimikatz. [16] G0087 APT39 APT39 has modified and used customized versions of publicly-available tools like PLINK and Mimikatz. [17]…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. F-Secure Lab…
… APT28 APT28 can perform brute force attacks to obtain credentials. [4] [1] [5] G0082 APT38 APT38 has used brute force techniques to attempt account access when passwords are unknown or when password hashes are unavailable. [6] G0087 APT39 APT39 has used Ncrack to reveal credenti…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Sygnia Team. (2024, June 3). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. Retrieved March 14, 2025. Kaspersky Lab's Global Researc…
… has sent spearphishing attachments attempting to get a user to open them. [23] G0082 APT38 APT38 has attempted to lure victims into enabling malicious macros within email attachments. [24] G0087 APT39 APT39 has sent spearphishing emails in an attempt to lure users to click on a …
…lware using spearphishing emails with malicious HWP attachments. [34] [35] [36] G0082 APT38 APT38 has conducted spearphishing campaigns using malicious email attachments. [37] G0087 APT39 APT39 leveraged spearphishing emails with malicious attachments to initially compromise vict…
…APT37 APT37 injects its malware variant, ROKRAT, into the cmd.exe process. [7] G0082 APT38 APT38 has injected malicious payloads into the explorer.exe process. [8] G0096 APT41 APT41 malware TIDYELF loaded the main WINTERLOVE component by injecting it into the iexplore.exe proces…
…ckdoor has used Windows services as a way to execute its malicious payload. [5] G0082 APT38 APT38 has created new services or modified existing ones to run executables, commands, or scripts. [6] G0087 APT39 APT39 has used post-exploitation tools including RemCom and the Non-sucki…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Insikt Group…