…ort multiple actions including execution and defense evasion. [277] [278] [279] G1035 Winter Vivern Winter Vivern passed execution from document macros to PowerShell scripts during initial access operations. [280] Winter Vivern used batch scripts that called PowerShell commands a…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Kasza, A., H…
…ort multiple actions including execution and defense evasion. [327] [328] [329] G1035 Winter Vivern Winter Vivern passed execution from document macros to PowerShell scripts during initial access operations. [330] Winter Vivern used batch scripts that called PowerShell commands a…
… links embedded in e-mails to lure victims into executing malicious code. [121] G1035 Winter Vivern Winter Vivern has mimicked legitimate government-related domains to deliver malicious webpages containing links to documents or other content for user execution. [122] [123] G0102 …
…ackdoor through which remote attackers can open a command line interface. [391] G1035 Winter Vivern Winter Vivern distributed Windows batch scripts disguised as virus scanners to prompt download of malicious payloads using built-in system tools. [392] [393] G0102 Wizard Spider Wi…
… Windows has the ability to use encapsulated HTTP/S in C2 communications. [407] G1035 Winter Vivern Winter Vivern uses HTTP and HTTPS protocols for exfiltration and command and control activity. [408] [409] S1115 WIREFIRE WIREFIRE can respond to specific HTTP POST requests to /ap…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Carbon Black Thre…
…classes chose as an appropriate last resting place. The richest groups probably still preferred a burial within the church itself. The burials represent a section of a population…
4:2009, s. 3-8. Tarp, Peter 2010: Antropologisk rapport. HOM 1272 – Horsens Klosterkirke. Upubliceret
…FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016. Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. R…
…s can determine if the OS on a compromised host is newer than Windows XP. [456] G1035 Winter Vivern Winter Vivern script execution includes basic victim information gathering steps which are then transmitted to command and control servers. [457] G0102 Wizard Spider Wizard Spider …