…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Sygnia Team. (2024, June 3). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. Retrieved March 14, 2025. Kaspersky Lab's Global Researc…
…scacheutil -q group on macOS, and ldapsearch on Linux can list domain users and groups. PowerShell cmdlets including Get-ADUser and Get-ADGroupMember may enumerate members of Active Directory groups. [1] ID: T1087.002 Sub-technique of: T1087 Tactic: Discovery Platforms: Linux, Wi…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020. Gorelik, M. (…
…shnya has obtained and used tools such as Impacket, Winexe, and PsExec. [31] G0035 Dragonfly Dragonfly has obtained and used tools such as Mimikatz, CrackMapExec, and PsExec. [32] G0137 Ferocious Kitten Ferocious Kitten has obtained open source tools for its operations, inc…
…screen of the victim’s machine and take control of the mouse and keyboard. [26] G0035 Dragonfly Dragonfly has moved laterally via RDP. [27] G0051 FIN10 FIN10 has used RDP to move laterally to systems in the victim environment. [28] G1016 FIN13 FIN13 has remotely accessed compromi…
…emote Desktop Users group membership regularly. Remove unnecessary accounts and groups from Remote Desktop Users groups. M1042 Disable or Remove Feature or Program Disable the RDP service if it is unnecessary. M1035 Limit Access to Resource Over Network Use remote desktop gateway…
…been delivered via spearphishing emails that contain a malicious zip file. [78] G0035 Dragonfly Dragonfly has sent emails with malicious attachments to gain initial access. [79] G0066 Elderwood Elderwood has delivered zero-day exploits and malware to victims via targeted emails c…
…te server instances to facilitate use of malicious domains and other items. [9] G0035 Dragonfly Dragonfly has acquired VPS infrastructure for use in malicious campaigns. [10] G1003 Ember Bear Ember Bear has used virtual private servers (VPSs) to host tools, perform reconnaissance…
…e server instances to facilitate use of malicious domains and other items. [12] G0035 Dragonfly Dragonfly has acquired VPS infrastructure for use in malicious campaigns. [13] G1003 Ember Bear Ember Bear has used virtual private servers (VPSs) to host tools, perform reconnaissance…
…s on hotel login portals to redirect selected victims to download malware. [26] G0035 Dragonfly Dragonfly has compromised targets via strategic web compromise (SWC) utilizing a custom exploit kit. [27] [28] [29] G1006 Earth Lusca Earth Lusca has performed watering hole attacks. […
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Roccia, T., …
…0105 DarkVishnya DarkVishnya used a brute-force attack to obtain login data. [12] G0035 Dragonfly Dragonfly has attempted to brute force credentials to gain access. [13] G1003 Ember Bear Ember Bear used the su-bruteforce tool to brute force specific users using the su command. [14]…
…FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016. Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. Retrieved July 15, 20…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015. CISA. (2023, December 18). #Stop…