APT33

GPTKB entity

Statements (91)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activeYearsStart 2013
gptkbp:alsoKnownAs gptkb:Elfin
    gptkb:Refined_Kitten
gptkbp:area gptkb:Saudi_Arabia
    gptkb:South_Korea
    gptkb:United_States
gptkbp:associatedWith gptkb:Iranian_Revolutionary_Guard_Corps
gptkbp:countryOfOrigin gptkb:Iran
gptkbp:enemyOf spear-phishing
    malware deployment
    watering hole attacks
https://www.w3.org/2000/01/rdf-schema#label APT33
gptkbp:industry gptkb:energy
    gptkb:government
    aerospace
gptkbp:mainLanguage gptkb:Farsi
gptkbp:notableBattle 2017 spear-phishing campaign against aerospace sector
gptkbp:notableTool gptkb:ALFASHELL
    gptkb:ALFA_Shell
    gptkb:AgentTesla
    gptkb:DROPSHOT
    gptkb:DarkComet
    gptkb:Impacket
    gptkb:Invoke-Obfuscation
    gptkb:Invoke-WMICommand
    gptkb:Meterpreter
    gptkb:NANOCORE_RAT
    gptkb:NanoCore
    gptkb:NjRAT
    gptkb:POWBAT
    gptkb:PowerShell_Empire
    gptkb:Pupy
    gptkb:PupyRAT
    gptkb:QUADAGENT
    gptkb:QuasarRAT
    gptkb:Remcos
    gptkb:SHAPESHIFT
    gptkb:SHELLCREST
    gptkb:TURNEDUP
    gptkb:Cobalt_Strike
    gptkb:LaZagne
    gptkb:Mimikatz
    Invoke-WMIShellcodeWebShellReverseShellWebShellPersistence
    AgentTest
    Invoke-BypassUAC
    Invoke-Command
    Invoke-Expression
    Invoke-Mimikatz
    Invoke-PSImage
    Invoke-PSInject
    Invoke-PSRemoting
    Invoke-PSReverseShell
    Invoke-PSWebShell
    Invoke-ProcessShellcode
    Invoke-ReflectivePEInjection
    Invoke-Shellcode
    Invoke-TokenManipulation
    Invoke-WMIMethod
    Invoke-WMIPersistence
    Invoke-WMIQuery
    Invoke-WMIScript
    Invoke-WMIShell
    Invoke-WMIShellcode
    Invoke-WMIShellcodeInjection
    Invoke-WMIShellcodePersistence
    Invoke-WMIShellcodeRemoting
    Invoke-WMIShellcodeReverseShell
    Invoke-WMIShellcodeWebShell
    Invoke-WMIShellcodeWebShellPersistence
    Invoke-WMIShellcodeWebShellRemoting
    Invoke-WMIShellcodeWebShellReverseShell
    Invoke-WMIShellcodeWebShellReverseShellPersistence
    Invoke-WMIShellcodeWebShellReverseShellRemoting
    Invoke-WMIShellcodeWebShellReverseShellWebShell
    NANOCORE
    Invoke-WMIShellcodeWebShellReverseShellWebShellReverseShellRemoting
    Invoke-WMIShellcodeWebShellReverseShellWebShellRemoting
    Invoke-WMIShellcodeWebShellReverseShellWebShellReverseShellPersistence
    Invoke-WMIShellcodeWebShellReverseShellWebShellReverseShell
gptkbp:publiclyReportedBy gptkb:Microsoft
    gptkb:FireEye
    gptkb:Symantec
gptkbp:suspect gptkb:Iranian_government
gptkbp:usesMalware gptkb:DropShot
    gptkb:Shamoon
    gptkb:ShapeShift
    TurnedUp
    AgentTest
gptkbp:bfsParent gptkb:TA-33
gptkbp:bfsLayer 5