Chimera has used multiple password spraying attacks against victim's remote services to obtain valid user and administrator accounts.

Chimera has used type \ \c$\Users\ \Favorites\Links\Bookmarks bar\Imported From IE*citrix* for bookmark discovery.

Chimera has used custom DLLs for continuous retrieval of data from memory.

Archive Collected Data: Archive via Utility
Chimera has used gzip for Linux OS and a modified RAR software to archive data on Windows hosts.

Chimera has used Cobalt Strike to encapsulate C2 in DNS traffic.

Application Layer Protocol: Web Protocols
Chimera has used HTTPS for C2 communications.

Chimera has used net user /dom and net user Administrator to enumerate domain accounts including administrator accounts. Chimera has used net user for account discovery.