Statements (84)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cybercrime
|
| gptkbp:activeYearsStart |
at least 2012
|
| gptkbp:alsoKnownAs |
gptkb:Wicked_Panda
gptkb:Winnti gptkb:Barium gptkb:Double_Dragon |
| gptkbp:associatedWith |
gptkb:Chinese_government
|
| gptkbp:countryOfOrigin |
gptkb:China
|
| https://www.w3.org/2000/01/rdf-schema#label |
APT41
|
| gptkbp:indictedBy |
gptkb:United_States_Department_of_Justice
|
| gptkbp:indictmentYear |
2020
|
| gptkbp:industry |
gptkb:government
gptkb:technology gptkb:video_game education healthcare manufacturing telecommunications travel |
| gptkbp:knownFor |
cybercrime
malware deployment supply chain attacks financially motivated cybercrime |
| gptkbp:majorCity |
gptkb:Australia
gptkb:France gptkb:India gptkb:United_Kingdom gptkb:United_States |
| gptkbp:notableBattle |
gptkb:CCleaner_supply_chain_attack
gptkb:Operation_ShadowHammer attacks on healthcare organizations attacks on video game companies attacks on telecommunications companies |
| gptkbp:TTPs |
SQL injection
data exfiltration living off the land techniques spear phishing watering hole attacks credential theft lateral movement custom malware development privilege escalation supply chain compromise use of legitimate software for persistence web shell deployment web server exploitation remote desktop protocol abuse use of Cobalt Strike beacons use of VPNs and proxies use of compromised credentials use of open-source tools use of publicly available tools use of zero-day exploits |
| gptkbp:usesMalware |
gptkb:PlugX
gptkb:SHELLCREST gptkb:SOGU gptkb:ShadowPad gptkb:Winnti_malware gptkb:ZxShell gptkb:Cobalt_Strike gptkb:Mimikatz gptkb:Crosswalk Gh0st RAT POISONPLUG AIRBREAK BADFLICK CHINACHOP CLEANUP DEADPOOL HIGHNOON HOMEUNIX MSSQLTOOL PHOTO PUBLOAD PWNLNX STEADYPULSE XMRIG ZXSHELL |
| gptkbp:bfsParent |
gptkb:Chinese_hackers
gptkb:Operation_CuckooBees gptkb:Operation_Winnti gptkb:Chinese_state-sponsored_actors gptkb:Dr._Ev4l |
| gptkbp:bfsLayer |
7
|