…strings such as debug messages in an apparent attempt to evade detection. [128] G0084 Gallmaker Gallmaker obfuscated shellcode used during execution. [129] G0047 Gamaredon Group Gamaredon Group has delivered self-extracting 7z archive files within malicious document attachments, …
…strings such as debug messages in an apparent attempt to evade detection. [79] G0084 Gallmaker Gallmaker obfuscated shellcode used during execution. [80] G0047 Gamaredon Group Gamaredon Group has delivered self-extracting 7z archive files within malicious document attachments. […
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Insikt Group…
…has used spearphishing emails to send trojanized Microsoft Word documents. [85] G0084 Gallmaker Gallmaker sent emails with malicious Microsoft Office documents attached. [86] G0047 Gamaredon Group Gamaredon Group has delivered spearphishing emails with malicious attachments to ta…
…ely used spearphishing emails to send malicious Microsoft Word documents. [105] G0084 Gallmaker Gallmaker sent emails with malicious Microsoft Office documents attached. [106] G0047 Gamaredon Group Gamaredon Group has delivered spearphishing emails with malicious attachments to t…
…vement as well as for dumping credentials stored on compromised machines. [118] G0084 Gallmaker Gallmaker used PowerShell to download additional payloads and for execution. [119] G0047 Gamaredon Group Gamaredon Group has used obfuscated PowerShell scripts for staging. [120] S1117…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…vement as well as for dumping credentials stored on compromised machines. [127] G0084 Gallmaker Gallmaker used PowerShell to download additional payloads and for execution. [128] G0047 Gamaredon Group Gamaredon Group has used obfuscated PowerShell scripts for staging. [129] [130]…
…Word documents sent via email, which prompted the victim to enable macros. [69] G0084 Gallmaker Gallmaker sent victims a lure document with a warning that asked victims to "enable content" for execution. [70] G0047 Gamaredon Group Gamaredon Group has attempted to get users to cli…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Insikt Group…
…ovement as well as for dumping credentials stored on compromised machines. [84] G0084 Gallmaker Gallmaker used PowerShell to download additional payloads and for execution. [85] G0115 GOLD SOUTHFIELD GOLD SOUTHFIELD has staged and executed PowerShell scripts on compromised hosts.…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. CISA. (2023, Dece…