…t grobni pridatek, tako na drugem cev (G448, G475, G495, G818–G820, G920, G989, G1035). ruškem grobišču (Pahič 1957, t. 3: 2; Črešnar 2006, 123, sl. Med naselbinskimi najdbami iz starejše kulture žarnih gro- 28), na Hajdini (Müller-Karpe 1959, t. 117: 38), v Pobrežju bišč (13.–11…
…urveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017. Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia a…
…up has downloaded an auxiliary program named ff.exe to infected machines. [538] G1035 Winter Vivern Winter Vivern executed PowerShell scripts to create scheduled tasks to retrieve remotely-hosted payloads. [539] S1115 WIREFIRE WIREFIRE has the ability to download files to comprom…
…up has downloaded an auxiliary program named ff.exe to infected machines. [600] G1035 Winter Vivern Winter Vivern executed PowerShell scripts to create scheduled tasks to retrieve remotely-hosted payloads. [601] S1115 WIREFIRE WIREFIRE has the ability to download files to comprom…
…ogram named ff.exe to search for specific documents on compromised hosts. [368] G1035 Winter Vivern Winter Vivern delivered malicious JavaScript payloads capable of listing folders and emails in exploited email servers. [369] S1065 Woody RAT Woody RAT can list all files and their…
…ed compromised websites to register custom URL schemes on a remote system. [68] G1035 Winter Vivern Winter Vivern created dedicated web pages mimicking legitimate government websites to deliver malicious fake anti-virus software. [69] Mitigations ID Mitigation Description M1048 A…
…ual Private Servers as control systems for devices within the ORB network. [12] G1035 Winter Vivern Winter Vivern used adversary-owned and -controlled servers to host web vulnerability scanning applications. [20] Mitigations ID Mitigation Description M1056 Pre-compromise This tec…
…ual Private Servers as control systems for devices within the ORB network. [15] G1035 Winter Vivern Winter Vivern used adversary-owned and -controlled servers to host web vulnerability scanning applications. [25] Mitigations ID Mitigation Description M1056 Pre-compromise This tec…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Ret…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. CISA. (2023, December 18). #StopRansomware: Play Ransomware AA23-352A. Retrieved September 24, 2024. Trend Micro Research. (2023, July 21). Ransomware Spotlight: Pla…
…Fortinet, Ivanti (formerly Pulse Secure), NETGEAR, Citrix, and Cisco. [91] [92] G1035 Winter Vivern Winter Vivern has exploited known and zero-day vulnerabilities in software such as Roundcube Webmail servers and the "Follina" vulnerability. [93] [94] S0412 ZxShell ZxShell has be…
…ishing emails with attachment to harvest credentials and deliver malware. [264] G1035 Winter Vivern Winter Vivern leverages malicious attachments delivered via email for initial access activity. [265] [266] [267] G0090 WIRTE WIRTE has sent emails to intended victims with maliciou…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Roccia, T., …
…system user information. [43] S0266 TrickBot TrickBot can identify the user and groups the user belongs to on a compromised host. [214] S0094 Trojan.Karagany Trojan.Karagany can gather information about the user on a compromised host. [215] G0081 Tropic Trooper Tropic Trooper use…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…