Blankken_collection_from_2022-12.rar

: Use of remote template injection in documents was a frequent technique for initial access by groups like Primitive Bear . 4. Safe Handling Procedures

: Dropped executables in %AppData% or %LocalAppData% . BlankKen_Collection_from_2022-12.rar

: Connections to known C2 domains often masquerading as cloud services. : Use of remote template injection in documents