…– tja BC (fig. 176). This dating does not match the finds from G1018, G1020, G1022, G1024, G1026, G1036–G1037, of the Dragomelj Urnfield settlement and likewise not G1048, G1051, G1055–G1056, G1064 and G1066), querns with most of the other radiocarbon dates, for which …
…scacheutil -q group on macOS, and ldapsearch on Linux can list domain users and groups. PowerShell cmdlets including Get-ADUser and Get-ADGroupMember may enumerate members of Active Directory groups. [1] ID: T1087.002 Sub-technique of: T1087 Tactic: Discovery Platforms: Linux, Wi…
…Threat Group-3390 Threat Group-3390 has exfiltrated stolen data to Dropbox. [8] G1022 ToddyCat ToddyCat has used a Dropbox uploader to exfiltrate stolen files. [28] G0010 Turla Turla has used WebDAV to upload stolen USB files to a cloud drive. [35] Turla has also exfiltrated stol…
…obalt Strike can recover hashed passwords. [1] Enterprise T1069 .001 Permission Groups Discovery Local Groups Cobalt Strike can use net localgroup to list local groups on a system. [2] .002 Permission Groups Discovery Domain Groups Cobalt Strike can identify targets by querying a…
…reat Group-3390 A Threat Group-3390 tool can use WMI to execute a binary. [156] G1022 ToddyCat ToddyCat has used WMI to execute scripts for post-exploit document collection. [157] S0386 Ursnif Ursnif droppers have used WMI classes to execute PowerShell commands. [158] S0476 Valak…
…ed account. Do not put user or admin domain accounts in the local administrator groups across systems unless they are tightly controlled and use of accounts is segmented, as this is often equivalent to having a local administrator account with the same password on all systems. Fo…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. CISA. (2023, December 18). #StopRansomware: Play Ransomware AA23-352A. Retrieved September 24, 2024. Trend Micro Research. (2023, July 21). Ransomware Spotlight: Pla…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…
…55, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in Exchange Server. [86] G1022 ToddyCat ToddyCat has exploited the ProxyLogon vulnerability (CVE-2021-26855) to compromise Exchange Servers at multiple organizations. [87] C0039 Versa Director Zero Day Exploitation Versa Dire…
…55, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 in Exchange Server. [77] G1022 ToddyCat ToddyCat has exploited the ProxyLogon vulnerability (CVE-2021-26855) to compromise Exchange Servers at multiple organizations. [78] G0123 Volatile Cedar Volatile Cedar has targeted publ…
…ayloads, traverse the compromised networks, and carry out reconnaissance. [261] G1022 ToddyCat ToddyCat has used PowerShell scripts to perform post-exploit collection. [262] G0131 Tonto Team Tonto Team has used PowerShell to download additional payloads. [263] S0266 TrickBot Tric…
…ayloads, traverse the compromised networks, and carry out reconnaissance. [308] G1022 ToddyCat ToddyCat has used PowerShell scripts to perform post-exploit collection. [309] G0131 Tonto Team Tonto Team has used PowerShell to download additional payloads. [310] S1201 TRANSLATEXT T…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Kasza, A., H…
…. [365] S0004 TinyZBot TinyZBot supports execution from the command-line. [366] G1022 ToddyCat ToddyCat has used .bat scripts and cmd for execution on compromised hosts. [367] S0266 TrickBot TrickBot has used macros in Excel documents to download and deploy the malware on the use…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Volexity Threat Research. (2024, April 12). Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400). Retrieved Nov…