…SingleFile and HTTrack to copy login pages of targeted organizations. [57] [58] G0088 TEMP.Veles TEMP.Veles has obtained and used tools such as Mimikatz and PsExec . [59] G0027 Threat Group-3390 Threat Group-3390 has obtained and used tools such as Impacket , pwdump , Mimikatz , …

… G0139 TeamTNT TeamTNT has executed PowerShell commands in batch scripts. [179] G0088 TEMP.Veles TEMP.Veles has used a publicly-available PowerShell-based tool, WMImplant. [180] The group has also used PowerShell to perform Timestomp ing. [181] G0027 Threat Group-3390 Threat Grou…

…rse6.1 utility (based on Mimikatz ) to extract credentials from lsass.exe. [68] G0088 TEMP.Veles TEMP.Veles has used Mimikatz and a custom tool, SecHack, to harvest credentials. [69] G0027 Threat Group-3390 Threat Group-3390 actors have used a modified version of Mimikatz called …

…ad names that resembled legitimate Window file and directory names. [121] [100] G0088 TEMP.Veles TEMP.Veles has renamed files to look like legitimate files, such as Windows update files or Schneider Electric application files. [122] S0595 ThiefQuest ThiefQuest prepends a copy of …

…gr,Children's Campus/Branch 14 A7129 COMP2 Exempt Univ Advisement Specialist 13 G0088 RVIEW Exempt Field Supv,Bus Services 10 X6009 NONE Non-Exempt Bus Driver Trainee 07 X0028 RVIEW Non-Exempt Water Systems Tech,Pre-Cert 08 Z1015 NONE Non-Exempt Instructional Assistant 06 G0010 N…