APT41

GPTKB entity

Statements (84)
Predicate | Object
gptkbp:instanceOf | cybercrime
gptkbp:activeYearsStart | at least 2012
gptkbp:alsoKnownAs | gptkb:Wicked_Panda
gptkbp:alsoKnownAs | gptkb:Winnti
gptkbp:alsoKnownAs | gptkb:Barium
gptkbp:alsoKnownAs | gptkb:Double_Dragon
gptkbp:associatedWith | gptkb:Chinese_government
gptkbp:countryOfOrigin | gptkb:China
https://www.w3.org/2000/01/rdf-schema#label | APT41
gptkbp:indictedBy | gptkb:United_States_Department_of_Justice
gptkbp:indictmentYear | 2020
gptkbp:industry | gptkb:government
gptkbp:industry | gptkb:technology
gptkbp:industry | gptkb:video_game
gptkbp:industry | education
gptkbp:industry | healthcare
gptkbp:industry | manufacturing
gptkbp:industry | telecommunications
gptkbp:industry | travel
gptkbp:knownFor | cybercrime
gptkbp:knownFor | malware deployment
gptkbp:knownFor | supply chain attacks
gptkbp:knownFor | financially motivated cybercrime
gptkbp:majorCity | gptkb:Australia
gptkbp:majorCity | gptkb:France
gptkbp:majorCity | gptkb:India
gptkbp:majorCity | gptkb:United_Kingdom
gptkbp:majorCity | gptkb:United_States
gptkbp:notableBattle | gptkb:CCleaner_supply_chain_attack
gptkbp:notableBattle | gptkb:Operation_ShadowHammer
gptkbp:notableBattle | attacks on healthcare organizations
gptkbp:notableBattle | attacks on video game companies
gptkbp:notableBattle | attacks on telecommunications companies
gptkbp:TTPs | SQL injection
gptkbp:TTPs | data exfiltration
gptkbp:TTPs | living off the land techniques
gptkbp:TTPs | spear phishing
gptkbp:TTPs | watering hole attacks
gptkbp:TTPs | credential theft
gptkbp:TTPs | lateral movement
gptkbp:TTPs | custom malware development
gptkbp:TTPs | privilege escalation
gptkbp:TTPs | supply chain compromise
gptkbp:TTPs | use of legitimate software for persistence
gptkbp:TTPs | web shell deployment
gptkbp:TTPs | web server exploitation
gptkbp:TTPs | remote desktop protocol abuse
gptkbp:TTPs | use of Cobalt Strike beacons
gptkbp:TTPs | use of VPNs and proxies
gptkbp:TTPs | use of compromised credentials
gptkbp:TTPs | use of open-source tools
gptkbp:TTPs | use of publicly available tools
gptkbp:TTPs | use of zero-day exploits
gptkbp:usesMalware | gptkb:PlugX
gptkbp:usesMalware | gptkb:SHELLCREST
gptkbp:usesMalware | gptkb:SOGU
gptkbp:usesMalware | gptkb:ShadowPad
gptkbp:usesMalware | gptkb:Winnti_malware
gptkbp:usesMalware | gptkb:ZxShell
gptkbp:usesMalware | gptkb:Cobalt_Strike
gptkbp:usesMalware | gptkb:Mimikatz
gptkbp:usesMalware | gptkb:Crosswalk
gptkbp:usesMalware | Gh0st RAT
gptkbp:usesMalware | POISONPLUG
gptkbp:usesMalware | AIRBREAK
gptkbp:usesMalware | BADFLICK
gptkbp:usesMalware | CHINACHOP
gptkbp:usesMalware | CLEANUP
gptkbp:usesMalware | DEADPOOL
gptkbp:usesMalware | HIGHNOON
gptkbp:usesMalware | HOMEUNIX
gptkbp:usesMalware | MSSQLTOOL
gptkbp:usesMalware | PHOTO
gptkbp:usesMalware | PUBLOAD
gptkbp:usesMalware | PWNLNX
gptkbp:usesMalware | STEADYPULSE
gptkbp:usesMalware | XMRIG
gptkbp:usesMalware | ZXSHELL
gptkbp:bfsParent | gptkb:Chinese_hackers
gptkbp:bfsParent | gptkb:Operation_CuckooBees
gptkbp:bfsParent | gptkb:Operation_Winnti
gptkbp:bfsParent | gptkb:Chinese_state-sponsored_actors
gptkbp:bfsParent | gptkb:Dr._Ev4l
gptkbp:bfsLayer | 7