…27 Threat Group-3390 Threat Group-3390 has used PowerShell for execution. [182] G0076 Thrip Thrip leveraged PowerShell to run commands to download payloads, traverse the compromised networks, and carry out reconnaissance. [183] G0131 Tonto Team Tonto Team has used PowerShell to d…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…reat Group-3390 Threat Group-3390 has used PowerShell for execution. [260] [57] G0076 Thrip Thrip leveraged PowerShell to run commands to download payloads, traverse the compromised networks, and carry out reconnaissance. [261] G1022 ToddyCat ToddyCat has used PowerShell scripts …
…December 19). Operation Wocao: Shining a light on one of China's hidden hacking groups. Retrieved October 8, 2020. Meltzer, M., et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…
…ump, Mimikatz, gsecdump, NBTscan, and Windows Credential Editor. [60] [61] G0076 Thrip Thrip has obtained and used tools such as Mimikatz and PsExec. [62] G0010 Turla Turla has obtained and customized publicly available tools like Mimikatz. [63] G0107 Whitefly Whitefly has…
…Gholish SocGholish can exfiltrate data directly to its C2 domain via HTTP. [32] G0076 Thrip Thrip has used WinSCP to exfiltrate data from a targeted organization over FTP. [33] S1116 WARPWIRE WARPWIRE can send captured credentials to C2 via HTTP GET or POST requests. [34] [35] S0…