Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Вход Регистрация
MITRE ATT&CK - Преступная группа Threat Group-3390
CVE уязвимости
БДУ ФСТЭК уязвимости
НКЦКИ уязвимости
MITRE ATT&CK
БДУ ФСТЭК
Новая БДУ ФСТЭК
Риски
Каталоги
MITRE ATT&CK
Преступная группа
Threat Group-3390
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

Threat Group-3390

Threat Group-3390 is a Chinese threat group that has extensively used strategic Web compromises to target victims.(Citation: Dell TG-3390) The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, manufacturing and gambling/betting sectors.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Securelist LuckyMouse June 2018)(Citation: Trend Micro DRBControl February 2020)
ID: G0027
Associated Groups: TG-3390, Emissary Panda, Iron Tiger, APT27, LuckyMouse, BRONZE UNION, Earth Smilodon
Version: 2.0
Created: 31 May 2017
Last Modified: 11 Apr 2022

Associated Group Descriptions
Name Description
TG-3390 (Citation: Dell TG-3390)(Citation: Nccgroup Emissary Panda May 2018)(Citation: Hacker News LuckyMouse June 2018)
Emissary Panda (Citation: Gallagher 2015)(Citation: Nccgroup Emissary Panda May 2018)(Citation: Securelist LuckyMouse June 2018)(Citation: Hacker News LuckyMouse June 2018)(Citation: Unit42 Emissary Panda May 2019)(Citation: Trend Micro Iron Tiger April 2021)
Iron Tiger (Citation: Hacker News LuckyMouse June 2018)(Citation: Trend Micro Iron Tiger April 2021)
APT27 (Citation: Nccgroup Emissary Panda May 2018)(Citation: Securelist LuckyMouse June 2018)(Citation: Hacker News LuckyMouse June 2018)(Citation: Trend Micro Iron Tiger April 2021)
LuckyMouse (Citation: Securelist LuckyMouse June 2018)(Citation: Hacker News LuckyMouse June 2018)(Citation: Trend Micro Iron Tiger April 2021)
BRONZE UNION (Citation: SecureWorks BRONZE UNION June 2017)(Citation: Nccgroup Emissary Panda May 2018)
Earth Smilodon (Citation: Trend Micro Iron Tiger April 2021)

Techniques Used
Domain ID Name Use
Enterprise T1548 .002 Abuse Elevation Control Mechanism: Bypass User Account Control

A Threat Group-3390 tool can use a public UAC bypass method to elevate privileges.(Citation: Nccgroup Emissary Panda May 2018)
Enterprise T1087 .001 Account Discovery: Local Account

Threat Group-3390 has used net user to conduct internal discovery of systems.(Citation: SecureWorks BRONZE UNION June 2017)
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Threat Group-3390 malware has used HTTP for C2.(Citation: Securelist LuckyMouse June 2018)
Enterprise T1560 .002 Archive Collected Data: Archive via Library

Threat Group-3390 has used RAR to compress, encrypt, and password-protect files prior to exfiltration.(Citation: SecureWorks BRONZE UNION June 2017)
Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

A Threat Group-3390 tool can add the binary’s path to the Registry key Software\Microsoft\Windows\CurrentVersion\Run to add persistence.(Citation: Nccgroup Emissary Panda May 2018)
Enterprise T1059 .001 Command and Scripting Interpreter: PowerShell

Threat Group-3390 has used PowerShell for execution.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Trend Micro DRBControl February 2020)
.003 Command and Scripting Interpreter: Windows Command Shell

Threat Group-3390 has used command-line interfaces for execution.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Unit42 Emissary Panda May 2019)

Enterprise T1543 .003 Create or Modify System Process: Windows Service

A Threat Group-3390 tool can create a new service, naming it after the config information, to gain persistence.(Citation: Nccgroup Emissary Panda May 2018)
Enterprise T1555 .005 Credentials from Password Stores: Password Managers

Threat Group-3390 obtained a KeePass database from a compromised host.(Citation: Trend Micro DRBControl February 2020)
Enterprise T1074 .001 Data Staged: Local Data Staging

Threat Group-3390 has locally staged encrypted archives for later exfiltration efforts.(Citation: SecureWorks BRONZE UNION June 2017)
.002 Data Staged: Remote Data Staging

Threat Group-3390 has moved staged encrypted archives to Internet-facing servers that had previously been compromised with China Chopper prior to exfiltration.(Citation: SecureWorks BRONZE UNION June 2017)

Enterprise T1567 .002 Exfiltration Over Web Service: Exfiltration to Cloud Storage

Threat Group-3390 has exfiltrated stolen data to Dropbox.(Citation: Trend Micro DRBControl February 2020)
Enterprise T1574 .001 Hijack Execution Flow: DLL Search Order Hijacking

Threat Group-3390 has performed DLL search order hijacking to execute their payload.(Citation: Nccgroup Emissary Panda May 2018)
.002 Hijack Execution Flow: DLL Side-Loading

Threat Group-3390 has used DLL side-loading, including by using legitimate Kaspersky antivirus variants in which the DLL acts as a stub loader that loads and executes the shell code.(Citation: Dell TG-3390)(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Securelist LuckyMouse June 2018)(Citation: Unit42 Emissary Panda May 2019)

Enterprise T1562 .002 Impair Defenses: Disable Windows Event Logging

Threat Group-3390 has used appcmd.exe to disable logging on a victim server.(Citation: SecureWorks BRONZE UNION June 2017)
Enterprise T1070 .004 Indicator Removal: File Deletion

Threat Group-3390 has deleted existing logs and exfiltrated file archives from a victim.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Trend Micro DRBControl February 2020)
.005 Indicator Removal: Network Share Connection Removal

Threat Group-3390 has detached network shares after exfiltrating files, likely to evade detection.(Citation: SecureWorks BRONZE UNION June 2017)

Enterprise T1056 .001 Input Capture: Keylogging

Threat Group-3390 actors installed a credential logger on Microsoft Exchange servers. Threat Group-3390 also leveraged the reconnaissance framework, ScanBox, to capture keystrokes.(Citation: Dell TG-3390)(Citation: Hacker News LuckyMouse June 2018)(Citation: Securelist LuckyMouse June 2018)
Enterprise T1003 .001 OS Credential Dumping: LSASS Memory

Threat Group-3390 actors have used a modified version of Mimikatz called Wrapikatz to dump credentials. They have also dumped credentials from domain controllers.(Citation: Dell TG-3390)(Citation: SecureWorks BRONZE UNION June 2017)
.002 OS Credential Dumping: Security Account Manager

Threat Group-3390 actors have used gsecdump to dump credentials. They have also dumped credentials from domain controllers.(Citation: Dell TG-3390)(Citation: SecureWorks BRONZE UNION June 2017)

.004 OS Credential Dumping: LSA Secrets

Threat Group-3390 actors have used gsecdump to dump credentials. They have also dumped credentials from domain controllers.(Citation: Dell TG-3390)(Citation: SecureWorks BRONZE UNION June 2017)

Enterprise T1027 .002 Obfuscated Files or Information: Software Packing

Threat Group-3390 has packed malware and tools.(Citation: Trend Micro DRBControl February 2020)
Enterprise T1588 .002 Obtain Capabilities: Tool

Threat Group-3390 has obtained and used tools such as Impacket, pwdump, Mimikatz, gsecdump, NBTscan, and Windows Credential Editor.(Citation: Unit42 Emissary Panda May 2019)(Citation: Dell TG-3390)
Enterprise T1566 .001 Phishing: Spearphishing Attachment

Threat Group-3390 has used e-mail to deliver malicious attachments to victims.(Citation: Trend Micro DRBControl February 2020)
Enterprise T1055 .012 Process Injection: Process Hollowing

A Threat Group-3390 tool can spawn svchost.exe and inject the payload into that process.(Citation: Nccgroup Emissary Panda May 2018)(Citation: Securelist LuckyMouse June 2018)
Enterprise T1021 .006 Remote Services: Windows Remote Management

Threat Group-3390 has used WinRM to enable remote execution.(Citation: SecureWorks BRONZE UNION June 2017)
Enterprise T1053 .002 Scheduled Task/Job: At

Threat Group-3390 actors use at to schedule tasks to run self-extracting RAR archives, which install HTTPBrowser or PlugX on other victims on a network.(Citation: Dell TG-3390)
Enterprise T1505 .003 Server Software Component: Web Shell

Threat Group-3390 has used a variety of Web shells.(Citation: Unit42 Emissary Panda May 2019)
Enterprise T1608 .001 Stage Capabilities: Upload Malware

Threat Group-3390 has hosted malicious payloads on Dropbox.(Citation: Trend Micro DRBControl February 2020)
.002 Stage Capabilities: Upload Tool

Threat Group-3390 has staged tools, including gsecdump and WCE, on previously compromised websites.(Citation: Dell TG-3390)

.004 Stage Capabilities: Drive-by Target

Threat Group-3390 has embedded malicious code into websites to screen a potential victim's IP address and then exploit their browser if they are of interest.(Citation: Gallagher 2015)

Enterprise T1195 .002 Supply Chain Compromise: Compromise Software Supply Chain

Threat Group-3390 has compromised the Able Desktop installer to gain access to victim's environments.(Citation: Trend Micro Iron Tiger April 2021)
Enterprise T1204 .002 User Execution: Malicious File

Threat Group-3390 has lured victims into opening malicious files containing malware.(Citation: Trend Micro DRBControl February 2020)

Software
ID Name References Techniques
S0039 Net (Citation: Microsoft Net Utility) (Citation: Savill 1999) (Citation: SecureWorks BRONZE UNION June 2017) Password Policy Discovery, Domain Groups, System Time Discovery, Domain Account, Local Account, System Service Discovery, Remote System Discovery, Network Share Discovery, System Network Connections Discovery, Network Share Connection Removal, Service Execution, Local Account, Local Groups, SMB/Windows Admin Shares, Domain Account
S0662 RCSession (Citation: Profero APT27 December 2020) (Citation: Secureworks BRONZE PRESIDENT December 2019) (Citation: Trend Micro DRBControl February 2020) (Citation: Trend Micro Iron Tiger April 2021) Encrypted Channel, Process Hollowing, Process Discovery, Msiexec, Screen Capture, Keylogging, Ingress Tool Transfer, Native API, Web Protocols, System Owner/User Discovery, File Deletion, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Data from Local System, Non-Application Layer Protocol, System Information Discovery, Masquerading, Modify Registry, DLL Side-Loading, Windows Command Shell, Bypass User Account Control
S0160 certutil (Citation: TechNet Certutil) (Citation: Trend Micro DRBControl February 2020) Install Root Certificate, Deobfuscate/Decode Files or Information, Ingress Tool Transfer
S0005 Windows Credential Editor (Citation: Amplia WCE) (Citation: Dell TG-3390) LSASS Memory
S0357 Impacket (Citation: Impacket Tools) (Citation: Unit42 Emissary Panda May 2019) LLMNR/NBT-NS Poisoning and SMB Relay, Network Sniffing, Kerberoasting, NTDS, Service Execution, LSASS Memory, Windows Management Instrumentation, Security Account Manager, LSA Secrets
S0100 ipconfig (Citation: SecureWorks BRONZE UNION June 2017) (Citation: TechNet Ipconfig) System Network Configuration Discovery
S0057 Tasklist (Citation: Microsoft Tasklist) (Citation: Trend Micro DRBControl February 2020) Process Discovery, System Service Discovery, Security Software Discovery
S0104 netstat (Citation: TechNet Netstat) (Citation: Trend Micro DRBControl February 2020) System Network Connections Discovery
S0073 ASPXSpy (Citation: Dell TG-3390) (Citation: Profero APT27 December 2020) Web Shell
S0020 China Chopper (Citation: CISA AA21-200A APT40 July 2021) (Citation: Dell TG-3390) (Citation: FireEye Periscope March 2018) (Citation: Lee 2013) (Citation: Nccgroup Emissary Panda May 2018) (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Unit42 Emissary Panda May 2019) Password Guessing, Data from Local System, Software Packing, Windows Command Shell, Web Protocols, Ingress Tool Transfer, Network Service Discovery, Timestomp, Web Shell, File and Directory Discovery
S0398 HyperBro (Citation: Hacker News LuckyMouse June 2018) (Citation: Securelist LuckyMouse June 2018) (Citation: Trend Micro DRBControl February 2020) (Citation: Trend Micro Iron Tiger April 2021) (Citation: Unit42 Emissary Panda May 2019) Process Injection, DLL Side-Loading, Web Protocols, Deobfuscate/Decode Files or Information, Service Execution, System Service Discovery, Screen Capture, Software Packing, Native API, Obfuscated Files or Information, Ingress Tool Transfer, File Deletion
S0013 PlugX (Citation: CIRCL PlugX March 2013) (Citation: Dell TG-3390) (Citation: DestroyRAT) (Citation: FireEye Clandestine Fox Part 2) (Citation: Kaba) (Citation: Korplug) (Citation: Lastline PlugX Analysis) (Citation: Nccgroup Emissary Panda May 2018) (Citation: New DragonOK) (Citation: Novetta-Axiom) (Citation: Profero APT27 December 2020) (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Sogu) (Citation: Thoper) (Citation: Trend Micro DRBControl February 2020) (Citation: TVT) Modify Registry, File and Directory Discovery, Masquerade Task or Service, Hidden Files and Directories, Multiband Communication, Non-Application Layer Protocol, Keylogging, Dead Drop Resolver, DLL Side-Loading, Process Discovery, Query Registry, DLL Search Order Hijacking, Network Share Discovery, MSBuild, Web Protocols, Windows Service, Windows Command Shell, Ingress Tool Transfer, System Checks, System Network Connections Discovery, Match Legitimate Name or Location, Registry Run Keys / Startup Folder, Custom Command and Control Protocol, DNS, Screen Capture, Commonly Used Port, Symmetric Cryptography, Deobfuscate/Decode Files or Information, Native API, Obfuscated Files or Information
S0660 Clambling (Citation: Profero APT27 December 2020) (Citation: Trend Micro DRBControl February 2020) (Citation: Trend Micro Iron Tiger April 2021) Video Capture, Non-Application Layer Protocol, Hidden Files and Directories, Bidirectional Communication, Screen Capture, Time Based Evasion, Query Registry, File and Directory Discovery, Registry Run Keys / Startup Folder, Malicious File, Exfiltration to Cloud Storage, Obfuscated Files or Information, Service Execution, Process Injection, Spearphishing Attachment, Clipboard Data, Windows Command Shell, System Information Discovery, Network Share Discovery, Application Layer Protocol, Keylogging, Process Hollowing, Deobfuscate/Decode Files or Information, Process Discovery, System Time Discovery, Modify Registry, Web Protocols, Bypass User Account Control, Windows Service, System Owner/User Discovery, PowerShell, System Network Configuration Discovery, Data from Local System, DLL Side-Loading
S0096 Systeminfo (Citation: TechNet Systeminfo) (Citation: Trend Micro DRBControl February 2020) System Information Discovery
S0032 gh0st RAT (Citation: Arbor Musical Chairs Feb 2018) (Citation: FireEye Hacking Team) (Citation: Moudoor) (Citation: Mydoor) (Citation: Nccgroup Gh0st April 2018) (Citation: Novetta-Axiom) (Citation: Secureworks BRONZEUNION Feb 2019) Shared Modules, Modify Registry, Ingress Tool Transfer, Process Injection, Rundll32, Service Execution, DLL Side-Loading, Command and Scripting Interpreter, Query Registry, Deobfuscate/Decode Files or Information, Symmetric Cryptography, Non-Application Layer Protocol, Native API, Process Discovery, Windows Service, Registry Run Keys / Startup Folder, Clear Windows Event Logs, System Information Discovery, File Deletion, Screen Capture, Fast Flux DNS, Keylogging, Standard Encoding, Encrypted Channel
S0006 pwdump (Citation: Unit42 Emissary Panda May 2019) (Citation: Wikipedia pwdump) Security Account Manager
S0664 Pandora (Citation: Trend Micro Iron Tiger April 2021) Ingress Tool Transfer, DLL Side-Loading, Symmetric Cryptography, Exploitation for Privilege Escalation, Windows Service, Web Protocols, Process Discovery, Traffic Signaling, Obfuscated Files or Information, Service Execution, Code Signing Policy Modification, Process Injection, Modify Registry
S0154 Cobalt Strike (Citation: cobaltstrike manual) (Citation: Trend Micro DRBControl February 2020) Domain Fronting, Sudo and Sudo Caching, Code Signing, Scheduled Transfer, JavaScript, Remote Desktop Protocol, Native API, Pass the Hash, Domain Accounts, Indicator Removal from Tools, Bypass User Account Control, System Network Configuration Discovery, Service Execution, PowerShell, Web Protocols, Application Layer Protocol, Data from Local System, Disable or Modify Tools, Dynamic-link Library Injection, Local Accounts, Multiband Communication, Keylogging, Distributed Component Object Model, Process Discovery, BITS Jobs, Process Hollowing, Software Discovery, Local Accounts, BITS Jobs, Remote Desktop Protocol, Internal Proxy, Exploitation for Privilege Escalation, Screen Capture, Process Argument Spoofing, Modify Registry, Domain Groups, System Network Connections Discovery, Protocol Impersonation, Parent PID Spoofing, Token Impersonation/Theft, Protocol Tunneling, Windows Service, Visual Basic, Native API, Parent PID Spoofing, Process Injection, System Service Discovery, Timestomp, System Network Configuration Discovery, SSH, File and Directory Discovery, DNS, Token Impersonation/Theft, DNS, Bypass User Account Control, Process Hollowing, Scheduled Transfer, Security Account Manager, Local Groups, PowerShell, SSH, Python, Reflective Code Loading, Remote System Discovery, LSASS Memory, Screen Capture, Commonly Used Port, Query Registry, Domain Account, Data Transfer Size Limits, Network Service Discovery, Pass the Hash, Domain Accounts, Network Share Discovery, Web Protocols, Asymmetric Cryptography, Windows Command Shell, Process Injection, Browser Session Hijacking, Deobfuscate/Decode Files or Information, Remote System Discovery, Visual Basic, Protocol Tunneling, Exploitation for Privilege Escalation, Windows Management Instrumentation, Keylogging, Browser Session Hijacking, Windows Remote Management, Symmetric Cryptography, Non-Application Layer Protocol, Standard Encoding, Ingress Tool Transfer, Indicator Removal from Tools, Domain Account, Internal Proxy, Service Execution, Windows Remote Management, SMB/Windows Admin Shares, Rundll32, Windows Service, Application Layer Protocol, Python, SMB/Windows Admin Shares, Windows Management Instrumentation, Security Account Manager, Make and Impersonate Token, Exploitation for Client Execution, Network Service Discovery, Timestomp, Distributed Component Object Model, Multiband Communication, Commonly Used Port, Network Share Discovery, Custom Command and Control Protocol, Process Discovery, Make and Impersonate Token, Data from Local System, Office Template Macros, Windows Command Shell, Obfuscated Files or Information
S0002 Mimikatz (Citation: Adsecurity Mimikatz Guide) (Citation: Deply Mimikatz) (Citation: Nccgroup Emissary Panda May 2018) (Citation: Profero APT27 December 2020) (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Talent-Jump Clambling February 2020) (Citation: Trend Micro DRBControl February 2020) DCSync, Credentials from Password Stores, Rogue Domain Controller, Private Keys, SID-History Injection, Security Support Provider, Pass the Hash, Account Manipulation, Pass the Ticket, Credentials from Web Browsers, Golden Ticket, Security Account Manager, LSASS Memory, Silver Ticket, Windows Credential Manager, Steal or Forge Authentication Certificates, LSA Secrets
S0008 gsecdump (Citation: Dell TG-3390) (Citation: TrueSec Gsecdump) Security Account Manager, LSA Secrets
S0590 NBTscan (Citation: Debian nbtscan Nov 2019) (Citation: Dell TG-3390) (Citation: FireEye APT39 Jan 2019) (Citation: SecTools nbtscan June 2003) (Citation: Symantec Waterbug Jun 2019) (Citation: Trend Micro DRBControl February 2020) System Owner/User Discovery, System Network Configuration Discovery, Network Sniffing, Network Service Discovery, Remote System Discovery
S0663 SysUpdate (Citation: FOCUSFJORD) (Citation: HyperSSL) (Citation: Soldier) (Citation: Trend Micro Iron Tiger April 2021) Deobfuscate/Decode Files or Information, File and Directory Discovery, Ingress Tool Transfer, Obfuscated Files or Information, System Information Discovery, Screen Capture, File Deletion, Modify Registry, Hidden Files and Directories, DLL Side-Loading, Registry Run Keys / Startup Folder, Software Packing, Service Execution, Windows Management Instrumentation, Windows Service
S0412 ZxShell (Citation: FireEye APT41 Aug 2019) (Citation: Secureworks BRONZEUNION Feb 2019) (Citation: Sensocode) (Citation: Talos ZxShell Oct 2014) VNC, System Information Discovery, Commonly Used Port, Proxy, Web Protocols, Non-Standard Port, Uncommonly Used Port, Credential API Hooking, File and Directory Discovery, Screen Capture, Query Registry, Data from Local System, System Owner/User Discovery, Exploit Public-Facing Application, Process Discovery, Network Service Discovery, Modify Registry, Clear Windows Event Logs, File Deletion, Disable or Modify System Firewall, Windows Service, File Transfer Protocols, Dynamic-link Library Injection, Windows Command Shell, Remote Desktop Protocol, Create Process with Token, Video Capture, Rundll32, Disable or Modify Tools, Local Account, Endpoint Denial of Service, Native API, Service Execution, Keylogging, System Service Discovery, Ingress Tool Transfer
S0070 HTTPBrowser (Citation: Dell TG-3390) (Citation: HttpDump) (Citation: Nccgroup Emissary Panda May 2018) (Citation: SecureWorks BRONZE UNION June 2017) (Citation: ThreatConnect Anthem) (Citation: ThreatStream Evasion Analysis) (Citation: Trend Micro Iron Tiger April 2021) Commonly Used Port, Ingress Tool Transfer, DLL Search Order Hijacking, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Windows Command Shell, Match Legitimate Name or Location, DLL Side-Loading, DNS, File and Directory Discovery, Keylogging, Web Protocols, File Deletion

References

  1. Lunghi, D. and Lu, K. (2021, April 9). Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.
  2. Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
  3. Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.
  4. Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
  5. Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
  6. Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. Retrieved July 13, 2017.
  7. Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.
  8. Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.
  9. Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.
  10. Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.
  11. Chen, T. and Chen, Z. (2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.
  12. Gallagher, S.. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. Retrieved January 25, 2016.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.