…esidue (Micro Method) RR:D02-1193 D2007-Standard Test Method for Characteristic Groups in Rubber Extender and Processing Oils and Other Petroleum-Derived Oils by the Clay-Gel Absorption Chromatographic Method RR:D02-1195 D3240-Test Method for Undissolved Water In Aviation Turbine…

…delivered spearphishing emails with malicious attachments to targets. [87] [88] G0078 Gorgon Group Gorgon Group sent emails to victims with malicious Microsoft Office documents attached. [89] S0499 Hancitor Hancitor has been delivered via phishing emails with malicious attachment…

…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…

… users to click on Office attachments with malicious macros embedded. [71] [72] G0078 Gorgon Group Gorgon Group attempted to get users to launch malicious Microsoft Office attachments delivered via spearphishing emails. [73] S0531 Grandoreiro Grandoreiro has infected victims via …

…ith malicious attachments to targets. [107] [108] [109] [110] [111] [112] [113] G0078 Gorgon Group Gorgon Group sent emails to victims with malicious Microsoft Office documents attached. [114] S0499 Hancitor Hancitor has been delivered via phishing emails with malicious attachmen…

…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Insikt Group…

…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. F-Secure Lab…

…onents. [78] S0032 gh0st RAT gh0st RAT has altered the InstallTime subkey. [79] G0078 Gorgon Group Gorgon Group malware can deactivate security mechanisms in Microsoft Office by editing several keys and values under HKCU\Software\Microsoft\Office\ . [80] S0531 Grandoreiro Grandor…

…o disable Microsoft Outlook's security policies to disable macro warnings. [26] G0078 Gorgon Group Gorgon Group malware can attempt to disable security features in Microsoft Office and Windows Defender using the taskkill command. [27] S0531 Grandoreiro Grandoreiro can hook APIs, …

…o disable Microsoft Outlook's security policies to disable macro warnings. [43] G0078 Gorgon Group Gorgon Group malware can attempt to disable security features in Microsoft Office and Windows Defender using the taskkill command. [44] S0531 Grandoreiro Grandoreiro can hook APIs, …

…o disable Microsoft Outlook's security policies to disable macro warnings. [56] G0078 Gorgon Group Gorgon Group malware can attempt to disable security features in Microsoft Office and Windows Defender using the taskkill command. [57] S0531 Grandoreiro Grandoreiro can hook APIs, …

…encoded PowerShell stager to write to the Registry for persistence. [123] [124] G0078 Gorgon Group Gorgon Group malware can use PowerShell commands to download and execute a payload and open a decoy document on the victim’s machine. [125] S0417 GRIFFON GRIFFON has used PowerShell…

…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K.. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading . Retrieved May 26, 2020. Szappanos…

…encoded PowerShell stager to write to the Registry for persistence. [135] [136] G0078 Gorgon Group Gorgon Group malware can use PowerShell commands to download and execute a payload and open a decoy document on the victim’s machine. [137] S0417 GRIFFON GRIFFON has used PowerShell…

…249 Gold Dragon Gold Dragon establishes persistence in the Startup folder. [92] G0078 Gorgon Group Gorgon Group malware can create a .lnk file and add a Registry Run key to establish persistence. [93] S0531 Grandoreiro Grandoreiro can use run keys and create link files in the sta…