APT35 Automates Initial Access Using ProxyShell Initial Access: #ProxyShell Discovery: net, ipconfig, PowerShell, quser, etc. PrivEsc: Scheduled Task Defense Evasion: Real-time Monitoring & WDigest enablement Credential Access: Comsvcs.dll https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/ TheDFIRReport @malwr 417 viewsedited 16:32