…melette has collected data and other information from a compromised host. [114]
G0038 | Stealth Falcon | Stealth Falcon malware gathers data from the local victim system. [115]
S0559 | SUNBURST | SUNBURST collected information from a compromised host. [116] [117]
S0011 | Taidoor | Taidoor ca…
… S0390 | SQLRat | SQLRat has used PowerShell to create a Meterpreter session. [171]
G0038 | Stealth Falcon | Stealth Falcon malware uses PowerShell commands to perform various functions, including gathering system information via WMI and executing commands from its C2 server. [172]
S0491…
…29 used WMI for the remote execution of files for lateral movement. [147] [148]
G0038 | Stealth Falcon | Stealth Falcon malware gathers system information via Windows Management Instrumentation (WMI). [149]
S0380 | StoneDrill | StoneDrill has used the WMI command-line (WMIC) utility to r…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
Volexity Threat Research. (2024, April 12). Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400). Retrieved Nov…
…elwaffle Squirrelwaffle has used PowerShell to execute its payload. [249] [250]
G0038 | Stealth Falcon | Stealth Falcon malware uses PowerShell commands to perform various functions, including gathering system information via WMI and executing commands from its C2 server. [251]
S0491…
…has the ability to query the Registry to detect a key specific to VMware. [102]
G0038 | Stealth Falcon | Stealth Falcon malware attempts to determine the installed version of .NET by querying the Registry. [103]
S0380 | StoneDrill | StoneDrill has looked in the registry to find the defau…
…system user information. [43]
S0266 | TrickBot | TrickBot can identify the user and groups the user belongs to on a compromised host. [214]
S0094 | Trojan.Karagany | Trojan.Karagany can gather information about the user on a compromised host. [215]
G0081 | Tropic Trooper | Tropic Trooper use…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.
Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020.
Szappanos…
… SpicyOmelette | SpicyOmelette can identify the IP of a compromised system. [174]
G0038 | Stealth Falcon | Stealth Falcon malware gathers the Address Resolution Protocol (ARP) table from the victim. [175]
S0491 | StrongPity | StrongPity can identify the IP address of a compromised host. [1…
… POST and GET requests over HTTP to communicate with its main C&C server. [249]
G0038 | Stealth Falcon | Stealth Falcon malware communicates with its C2 server via HTTPS. [250]
S0491 | StrongPity | StrongPity can use HTTP and HTTPS in C2 communications. [251] [252]
S0603 | Stuxnet | Stuxnet …
…elwaffle Squirrelwaffle has used PowerShell to execute its payload. [291] [292]
G0038 | Stealth Falcon | Stealth Falcon malware uses PowerShell commands to perform various functions, including gathering system information via WMI and executing commands from its C2 server. [293]
G1053…
… STARWHALE has the ability to collect the IP address of an infected host. [241]
G0038 | Stealth Falcon | Stealth Falcon malware gathers the Address Resolution Protocol (ARP) table from the victim. [242]
S0491 | StrongPity | StrongPity can identify the IP address of a compromised host. [2…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
Horejsi, J. (2018, April 04). New MacOS Backdoor Linked to OceanLotus Found. Retrieved November 13, 2018.
Magisa, L. (2020, November 27). New MacOS Backdoor Connecte…
…uests made to a targeted server to determine the next stage of execution. [284]
G0038 | Stealth Falcon | Stealth Falcon malware communicates with its C2 server via HTTPS. [355]
S0491 | StrongPity | StrongPity can use HTTP and HTTPS in C2 communications. [356] [357]
S0603 | Stuxnet | Stuxnet …
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.
Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.
Roccia, T., …