…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Ret…

… Clambling Clambling can send files from a victim's machine to Dropbox. [8] [9] G0142 Confucius Confucius has exfiltrated victim data to cloud storage service accounts. [10] S1023 CreepyDrive CreepyDrive can use cloud services including OneDrive for data exfiltration. [11] S0538 …

…154 Cobalt Strike Cobalt Strike can explore files on a compromised system. [86] G0142 Confucius Confucius has used a file stealer that checks the Document, Downloads, Desktop, and Picture folders for documents and images with specific extensions. [87] S0575 Conti Conti can discov…

…tem. [97] S0244 Comnie Comnie collects the hostname of the victim machine. [98] G0142 Confucius Confucius has used a file stealer that can examine system drives, including those other than the C drive. [99] S0137 CORESHELL CORESHELL collects hostname, volume serial number and OS …

…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Carbon Black Thre…