Blankken_collection_from_2022-12.rar -

: Use of remote template injection in documents was a frequent technique for initial access by groups like Primitive Bear . 4. Safe Handling Procedures

If this collection contains specific samples, expect to find: BlankKen_Collection_from_2022-12.rar

: Dropped executables in %AppData% or %LocalAppData% . : Use of remote template injection in documents

: Persistence mechanisms in HKCU\Software\Microsoft\Windows\CurrentVersion\Run . BlankKen_Collection_from_2022-12.rar