: Connections to known C2 domains often masquerading as cloud services.
: Use of remote template injection in documents was a frequent technique for initial access by groups like Primitive Bear.

4. Safe Handling Procedures

BlankKen_Collection_from_2022-12.rar
If this collection contains specific samples, expect to find: