…pl. 11: 2, 17 etc.; Koprivnik 2021, pl. 1: 8, pl. 2: 1–2, 5, 10–12) … rim (G1030). In form it is close to a pot with an inward-turned rim and two handles on the widest part of the body (cf. G764 above; fig. 107), except that it is m… … of the Prekmurje cemetery of Gorice (Plestenjak 2010, G97).
G1030 Agrius Agrius tunnels RDP traffic through deployed web shells to access victim environments via compromised accounts. [3] Agrius used the Plink tool to tunnel RDP connections for remote access and lateral movement in victim environments. [4] G0006 APT1 The APT1 group is kno…
…emote Desktop Users group membership regularly. Remove unnecessary accounts and groups from Remote Desktop Users groups. M1042 Disable or Remove Feature or Program Disable the RDP service if it is unnecessary. M1035 Limit Access to Resource Over Network Use remote desktop gateway…
…ESHELL ADVSTORESHELL can create a remote shell and run a given command. [8] [9] G1030 Agrius Agrius uses ASPXSpy web shells to enable follow-on command execution via cmd.exe. [10] S1129 Akira Akira executes from the Windows command line and can take various arguments for executi…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Kasza, A., H…
…ndworm Team deployed the Neo-REGEORG webshell on an internet-facing server. [3] G1030 Agrius Agrius typically deploys a variant of the ASPXSpy web shell following initial access via exploitation. [4] G0007 APT28 APT28 has used a modified and obfuscated version of the reGeorg web …
…pril 2025 Procedure Examples ID Name Description G1030 Agrius Agrius engaged in password spraying via SMB in victim environments. [3] G0007 APT28 APT28 has used a brute-force/password-spray tooling that operated in two modes: in password-spraying mo…
…Team used a script to attempt RPC authentication against a number of hosts. [2] G1030 Agrius Agrius engaged in various brute forcing activities via SMB in victim environments. [3] G0007 APT28 APT28 can perform brute force attacks to obtain credentials. [4] [1] [5] G0082 APT38 APT…
G1030 Agrius Agrius used the open-source port scanner WinEggDrop to perform detailed scans of hosts of interest in victim networks. [4] G0050 APT32 APT32 performed network scanning on the network to search for open ports, services, OS fingerprinting, and other vulnerabilities. […
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Ret…
…has the capability to kill any running analysis processes and AV software. [13] G1030 Agrius Agrius used several mechanisms to try to disable security tools. Agrius attempted to modify EDR-related services to disable auto-start on system reboot. Agrius used a publicly available d…
…ed account. Do not put user or admin domain accounts in the local administrator groups across systems unless they are tightly controlled and use of accounts is segmented, as this is often equivalent to having a local administrator account with the same password on all systems. Fo…
…has the capability to kill any running analysis processes and AV software. [16] G1030 Agrius Agrius used several mechanisms to try to disable security tools. Agrius attempted to modify EDR-related services to disable auto-start on system reboot. Agrius used a publicly available d…
…ck, Sandworm Team used Mimikatz to capture and use legitimate credentials. [6] G1030 Agrius Agrius used tools such as Mimikatz to dump LSASS memory to capture credentials in victim environments. [7] G0006 APT1 APT1 has been known to use credential dumping using Mimikatz. [8] G0…
…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. CISA. (2023, Dece…