…scacheutil -q group on macOS, and ldapsearch on Linux can list domain users and groups. PowerShell cmdlets including Get-ADUser and Get-ADGroupMember may enumerate members of Active Directory groups. [1] ID: T1087.002 Sub-technique of: T1087 Tactic: Discovery Platforms: Linux, Wi…
…ed the Adobe Reader icon for the downloaded file to look more trustworthy. [91] G0033 Poseidon Group Poseidon Group tools attempt to spoof anti-virus processes as a means of self-defense. [92] G0056 PROMETHIUM PROMETHIUM has disguised malicious installer files by bundling them wi…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Sherstobitoff, R., Malhotra, A., et al. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020. …
…has used Base64-encoded PowerShell scripts to disable Microsoft Defender. [201] G0033 Poseidon Group The Poseidon Group's Information Gathering Tool (IGT) includes PowerShell components. [202] S0150 POSHSPY POSHSPY uses PowerShell to execute various commands, one to execute its …
…has used Base64-encoded PowerShell scripts to disable Microsoft Defender. [231] G0033 Poseidon Group The Poseidon Group's Information Gathering Tool (IGT) includes PowerShell components. [232] S0150 POSHSPY POSHSPY uses PowerShell to execute various commands, one to execute its …
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…and storage of a legitimate EXE and the malicious DLLs. [157] [158] [159] [160] G0033 Poseidon Group Poseidon Group tools attempt to spoof anti-virus processes as a means of self-defense. [161] S1046 PowGoop PowGoop has used a DLL named Goopdate.dll to impersonate a legitimate Go…
…wmint Pillowmint has used a PowerShell script to install a shim database. [138] G0033 Poseidon Group The Poseidon Group's Information Gathering Tool (IGT) includes PowerShell components. [139] S0150 POSHSPY POSHSPY uses PowerShell to execute various commands, one to execute its …
…DP network connections and associated processes using the netstat command. [51] G0033 Poseidon Group Poseidon Group obtains and saves information about victim network interfaces and addresses. [52] S0378 PoshC2 PoshC2 contains an implementation of netstat to enumerate TCP and UDP…
…ent Windows: Do not put user or admin domain accounts in the local administrator groups across systems unless they are tightly controlled, as this is often equivalent to having a local administrator account with the same password on all systems. Follow best practices for design an…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved M…