…24, G1026, G1036–G1037, of the Dragomelj Urnfield settlement, and likewise not G1048, G1051, G1055–G1056, G1064 and G1066), a quern with most of the other radiocarbon dates, for which there was (G995), a grinding stone (G985) and two bronze objects (G1432, an expected Late Bronze Age…
… the Triton Safety Instrumented System Attack, TEMP.Veles used Mimikatz. [106] G1048 UNC3886 UNC3886 has used MiniDump to dump process memory and search for cleartext credentials. [107] G1017 Volt Typhoon Volt Typhoon has attempted to access hashed credentials from the LSASS pro…
…vulnerabilities in the VBoxDrv.sys driver to obtain kernel mode privileges. [2] G1048 UNC3886 UNC3886 has exploited zero-day vulnerability CVE-2023-20867 to enable execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs. [45] G1017 Volt Typhoon Vo…
…] Turla has also used PowerShell scripts to load and execute malware in memory. G1048 UNC3886 UNC3886 has used a PowerShell script to search memory dumps for credentials. [317] S0386 Ursnif Ursnif droppers have used PowerShell in download cradles to download and execute the malwa…
…opped as a DLL file and executed via rundll32.exe by its installer. [121] [122] G1048 UNC3886 UNC3886 has used rundll32.exe to execute MiniDump for dumping LSASS process memory. [123] S0452 USBferry USBferry can execute rundll32.exe in memory to avoid detection. [124] C0037 Water…
…y amsi.dll, in PowerShell scripts to bypass Windows antimalware products. [144] G1048 UNC3886 UNC3886 has disabled OpenSSL digital signature verification of system files through corruption of boot files. [145] S0130 Unknown Logger Unknown Logger has functionality to disable secur…