…hines. [198] S0553 MoleNet MoleNet can use PowerShell to set persistence. [199] G0021 Molerats Molerats used PowerShell implants on target machines. [200] S0256 Mosquito Mosquito can launch PowerShell Scripts. [201] G1019 MoustachedBouncer MoustachedBouncer has used plugins to ex…
…Mofang has also encrypted payloads before they are downloaded to victims. [201] G0021 Molerats Molerats has delivered compressed executables within ZIP files to victims. [202] S0284 More_eggs More_eggs's payload has been encrypted with a key that has the hostname and processor f…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…s a function for decrypting data containing C2 configuration information. [115] G0021 Molerats Molerats decompresses ZIP files once on the victim machine. [116] S0284 More_eggs More_eggs will decode malware components that are then dropped to the system. [117] G0069 MuddyWater Mu…
…ofang Mofang delivered spearphishing emails with malicious links included. [80] G0021 Molerats Molerats has sent phishing emails with malicious links included. [81] G0069 MuddyWater MuddyWater has sent targeted spearphishing e-mails with malicious links. [82] [83] [84] G0129 Must…
…hines. [170] S0553 MoleNet MoleNet can use PowerShell to set persistence. [171] G0021 Molerats Molerats used PowerShell implants on target machines. [172] S0256 Mosquito Mosquito can launch PowerShell Scripts. [173] G1019 MoustachedBouncer MoustachedBouncer has used plugins to ex…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. F-Secure Lab…
…rphishing emails with malicious documents, PDFs, or Excel files attached. [155] G0021 Molerats Molerats has sent phishing emails with malicious Microsoft Word and PDF attachments. [156] [157] [158] G1036 Moonstone Sleet Moonstone Sleet delivered various payloads to victims as spe…
…ils required a user to click the link to connect to a compromised website. [62] G0021 Molerats Molerats has sent malicious links via email to trick users into opening a RAR archive and running an executable. [63] [64] G0069 MuddyWater MuddyWater has distributed URLs in phishing e-ma…
… [112] [113] S0553 MoleNet MoleNet can use PowerShell to set persistence. [114] G0021 Molerats Molerats used PowerShell implants on target machines. [115] S0256 Mosquito Mosquito can launch PowerShell Scripts. [116] G0069 MuddyWater MuddyWater has used PowerShell for execution. […
…Mofang has also encrypted payloads before they are downloaded to victims. [138] G0021 Molerats Molerats has delivered compressed executables within ZIP files to victims. [139] G1036 Moonstone Sleet Moonstone Sleet has used encrypted payloads within files for follow-on execution a…
…rphishing emails with malicious documents, PDFs, or Excel files attached. [119] G0021 Molerats Molerats has sent phishing emails with malicious Microsoft Word and PDF attachments. [120] [121] [122] G0069 MuddyWater MuddyWater has compromised third parties and used compromised acc…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Roccia, T., …
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Insikt Group…
…[114] S0553 MoleNet MoleNet can download additional payloads from the C2. [186] G0021 Molerats Molerats used executables to download malicious files from different sources. [361] [362] S1026 Mongall Mongall can download files to targeted systems. [363] G1036 Moonstone Sleet Moons…