…26, G1036–G1037, of the Dragomelj urnfield settlement, and likewise not G1048, G1051, G1055–G1056, G1064 and G1066), querns with most of the other radiocarbon dates, for which the (G995), a pestle (G985) and two bronze objects (G1432, the expected Late Bronze Age age…
…owerShell for execution and privilege escalation. [186] [187] [188] [189] [190] G1051 Medusa Group Medusa Group has leveraged PowerShell for execution and defense evasion. [191] [192] [193] Medusa Group has also utilized PowerShell to execute a bitsadmin transfer from file hostin…
…agic Hound Magic Hound has modified Registry settings for security tools. [114] G1051 Medusa Group Medusa Group has modified Registry keys to elevate privileges, maintain persistence and allow remote access. [115] S0576 MegaCortex MegaCortex has added entries to the Registry for …
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Microsoft Threat Intelligence. (2024, October 31). Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network. Retrieved June…
… Monitoring feature and attempted to disable endpoint protection services. [87] G1051 Medusa Group Medusa Group has terminated antivirus services utilizing the gaze.exe executable and utilizing psexec.exe. [88] [89] [90] Medusa Group has also leveraged I/O control codes (IOCTLs)…
… the ability to upload and download files to and from a compromised host. [344] G1051 Medusa Group Medusa Group has leveraged certutil, PowerShell, and Windows Command to download additional tools to include RMM services. [345] Medusa Group has also engaged in "Bring Your Own Vu…
…gic Hound Magic Hound has used multiple web shells to gain execution. [47] [48] G1051 Medusa Group Medusa Group has utilized web shells on an exploited Microsoft Exchange Server. [49] G1009 Moses Staff Moses Staff has dropped a web shell onto a compromised system. [50] G0129 Musta…
…crosoft Active Directory Domain Controller using Mimikatz. [64] [65] [66] [67] G1051 Medusa Group Medusa Group has leveraged Mimikatz to dump LSASS to harvest credentials. [68] S0002 Mimikatz Mimikatz performs credential dumping to obtain account and password information useful …
…infected machines, once before and once after the encryption process. [55] [56] G1051 Medusa Group Medusa Group has deleted recovery files such as shadow copies using vssadmin.exe. [57] [58] [59] [60] S1244 Medusa Ransomware Medusa Ransomware has deleted recovery files such as s…