Statements (91)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cybercrime
|
| gptkbp:activeYearsStart |
2013
|
| gptkbp:alsoKnownAs |
gptkb:Elfin
gptkb:Refined_Kitten |
| gptkbp:area |
gptkb:Saudi_Arabia
gptkb:South_Korea gptkb:United_States |
| gptkbp:associatedWith |
gptkb:Iranian_Revolutionary_Guard_Corps
|
| gptkbp:countryOfOrigin |
gptkb:Iran
|
| gptkbp:enemyOf |
spear-phishing
malware deployment watering hole attacks |
| https://www.w3.org/2000/01/rdf-schema#label |
APT33
|
| gptkbp:industry |
gptkb:energy
gptkb:government aerospace |
| gptkbp:mainLanguage |
gptkb:Farsi
|
| gptkbp:notableBattle |
2017 spear-phishing campaign against aerospace sector
|
| gptkbp:notableTool |
gptkb:ALFASHELL
gptkb:ALFA_Shell gptkb:AgentTesla gptkb:DROPSHOT gptkb:DarkComet gptkb:Impacket gptkb:Invoke-Obfuscation gptkb:Invoke-WMICommand gptkb:Meterpreter gptkb:NANOCORE_RAT gptkb:NanoCore gptkb:NjRAT gptkb:POWBAT gptkb:PowerShell_Empire gptkb:Pupy gptkb:PupyRAT gptkb:QUADAGENT gptkb:QuasarRAT gptkb:Remcos gptkb:SHAPESHIFT gptkb:SHELLCREST gptkb:TURNEDUP gptkb:Cobalt_Strike gptkb:LaZagne gptkb:Mimikatz Invoke-WMIShellcodeWebShellReverseShellWebShellPersistence AgentTest Invoke-BypassUAC Invoke-Command Invoke-Expression Invoke-Mimikatz Invoke-PSImage Invoke-PSInject Invoke-PSRemoting Invoke-PSReverseShell Invoke-PSWebShell Invoke-ProcessShellcode Invoke-ReflectivePEInjection Invoke-Shellcode Invoke-TokenManipulation Invoke-WMIMethod Invoke-WMIPersistence Invoke-WMIQuery Invoke-WMIScript Invoke-WMIShell Invoke-WMIShellcode Invoke-WMIShellcodeInjection Invoke-WMIShellcodePersistence Invoke-WMIShellcodeRemoting Invoke-WMIShellcodeReverseShell Invoke-WMIShellcodeWebShell Invoke-WMIShellcodeWebShellPersistence Invoke-WMIShellcodeWebShellRemoting Invoke-WMIShellcodeWebShellReverseShell Invoke-WMIShellcodeWebShellReverseShellPersistence Invoke-WMIShellcodeWebShellReverseShellRemoting Invoke-WMIShellcodeWebShellReverseShellWebShell NANOCORE Invoke-WMIShellcodeWebShellReverseShellWebShellReverseShellRemoting Invoke-WMIShellcodeWebShellReverseShellWebShellRemoting Invoke-WMIShellcodeWebShellReverseShellWebShellReverseShellPersistence Invoke-WMIShellcodeWebShellReverseShellWebShellReverseShell |
| gptkbp:publiclyReportedBy |
gptkb:Microsoft
gptkb:FireEye gptkb:Symantec |
| gptkbp:suspect |
gptkb:Iranian_government
|
| gptkbp:usesMalware |
gptkb:DropShot
gptkb:Shamoon gptkb:ShapeShift TurnedUp AgentTest |
| gptkbp:bfsParent |
gptkb:TA-33
|
| gptkbp:bfsLayer |
5
|