gptkbp:instanceOf | cybercrime
gptkbp:activeYearsStart | 2014
gptkbp:alsoKnownAs | gptkb:OilRig; Cobalt Gypsy; IRN2
gptkbp:area | gptkb:Europe; gptkb:Middle_East; gptkb:United_States
gptkbp:associatedWith | gptkb:Iranian_government
gptkbp:countryOfOrigin | gptkb:Iran
https://www.w3.org/2000/01/rdf-schema#label | APT54
gptkbp:industry | gptkb:energy; gptkb:government; gptkb:government_ministry; telecommunications sector
gptkbp:motive | gptkb:intelligence_gathering; espionage
gptkbp:notableEvent | attacks on financial institutions; attacks on Middle Eastern governments; attacks on energy companies; attacks on telecommunications firms
gptkbp:reportsTo | gptkb:Microsoft; gptkb:Palo_Alto_Networks; gptkb:CrowdStrike; gptkb:FireEye; gptkb:Mandiant; gptkb:Symantec
gptkbp:technique | credential harvesting; custom malware; spear phishing; supply chain attacks; watering hole attacks; web shell deployment
gptkbp:TTPs | custom backdoors; living off the land; use of legitimate credentials; use of PowerShell scripts; multi-stage attacks; use of web shells
gptkbp:usesMalware | gptkb:POWBAT; gptkb:QUADAGENT; gptkb:Helminth; gptkb:Dragon; gptkb:ThreeDollars; Karkoff; ISMDoor; OOPSIE; RDAT; RGDoor
gptkbp:bfsParent | gptkb:Operation_Winnti
gptkbp:bfsLayer | 7