|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2010s
|
|
gptkbp:alsoKnownAs
|
gptkb:DeputyDog
gptkb:Tailgater_Team
|
|
gptkbp:associatedWith
|
Chinese state-sponsored cyber operations
|
|
gptkbp:connectsTo
|
gptkb:Chinese_Ministry_of_State_Security
Chinese cyber espionage apparatus
|
|
gptkbp:countryOfOrigin
|
gptkb:China
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT17
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
gptkb:technology
gptkb:NGOs
defense
|
|
gptkbp:majorCity
|
gptkb:Canada
gptkb:South_Korea
gptkb:United_States
|
|
gptkbp:notableBattle
|
gptkb:2014_intrusion_into_US_Office_of_Personnel_Management
attacks on US law firms
|
|
gptkbp:notableEvent
|
gptkb:2014_OPM_breach
attacks on government agencies
attacks on energy sector
attacks on NGOs
attacks on US law firms in 2014
attacks on technology sector
|
|
gptkbp:notableTool
|
gptkb:BS2005
gptkb:BLACKCOFFEE
gptkb:DeputyDog
gptkb:HIGHTIDE
gptkb:Hydraq
gptkb:ROYALCLIFF
gptkb:ZoxPNG
POISONPLUG
|
|
gptkbp:suspect
|
gptkb:Chinese_government
|
|
gptkbp:tactics
|
spear phishing
watering hole attacks
custom malware deployment
web server exploitation
|
|
gptkbp:technology
|
multi-stage payload delivery
custom malware obfuscation
use of GitHub for C2
use of legitimate web services for C2
|
|
gptkbp:usesMalware
|
gptkb:BS2005
gptkb:BLACKCOFFEE
gptkb:DeputyDog
gptkb:HIGHTIDE
gptkb:Hydraq
gptkb:ROYALCLIFF
gptkb:ZoxPNG
POISONPLUG
SHIQIANG
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
gptkb:Hacker
|
|
gptkbp:bfsLayer
|
7
|