… for Dragomelj pots with a long conical neck, such as G660, thus relate to only one type of Urnfield "amphorae" (Črešnar 2010, fig. 13: A1c) and are … and slightly thickened (G804, G996–997, G1021, G1210); the body is of elongated (oval) shape (G804, G1021). They are decorated with …
…era Chimera has encapsulated Cobalt Strike's C2 protocol in DNS and HTTPS. [9] G1021 Cinnamon Tempest Cinnamon Tempest has used the Iox and NPS proxy and tunneling tools in combination to create multiple connections through a single tunnel. [10] G0080 Cobalt Group Cobalt Group has …
…n$r=[%s]::%s(\"%s\",[ref] $i)\necho $r,$i\n to execute secondary payloads. [55] G1021 Cinnamon Tempest Cinnamon Tempest has used PowerShell to communicate with C2, download files, and execute reconnaissance commands. [56] S0660 Clambling The Clambling dropper can use PowerShell t…
…n$r=[%s]::%s(\"%s\",[ref] $i)\necho $r,$i\n to execute secondary payloads. [61] G1021 Cinnamon Tempest Cinnamon Tempest has used PowerShell to communicate with C2, download files, and execute reconnaissance commands. [62] S0660 Clambling The Clambling dropper can use PowerShell t…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…obalt Strike can recover hashed passwords. [1] Enterprise T1069 .001 Permission Groups Discovery Local Groups Cobalt Strike can use net localgroup to list local groups on a system. [2] .002 Permission Groups Discovery Domain Groups Cobalt Strike can identify targets by querying a…
…ransmission. [127] S0667 Chrommme Chrommme can download its code from C2. [128] G1021 Cinnamon Tempest Cinnamon Tempest has downloaded files, including Cobalt Strike, to compromised hosts. [129] S0054 CloudDuke CloudDuke downloads and executes additional malware from either a We…
…ransmission. [137] S0667 Chrommme Chrommme can download its code from C2. [138] G1021 Cinnamon Tempest Cinnamon Tempest has downloaded files, including Cobalt Strike, to compromised hosts. [139] S0054 CloudDuke CloudDuke downloads and executes additional malware from either a We…
…urveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017. Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia a…
…er's server component is capable of opening a command terminal. [74] [75] [76] G1021 Cinnamon Tempest Cinnamon Tempest has executed ransomware using batch scripts deployed via GPO. [77] S0660 Clambling Clambling can use cmd.exe for command execution. [78] S0611 Clop Clop can use…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Kasza, A., H…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Per…
… [33] G0114 Chimera Chimera has used WMIC to execute remote commands. [34] [35] G1021 Cinnamon Tempest Cinnamon Tempest has used Impacket for lateral movement via WMI. [36] [37] S0154 Cobalt Strike Cobalt Strike can use WMI to deliver a payload to a remote host. [38] [39] [29] S1…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015. CISA. (2023, December 18). #Stop…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020. Gorelik, M. (…