APT54

GPTKB entity

Statements (51)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activeYearsStart 2014
gptkbp:alsoKnownAs gptkb:OilRig, Cobalt Gypsy, IRN2
gptkbp:area gptkb:Europe, gptkb:Middle_East, gptkb:United_States
gptkbp:associatedWith gptkb:Iranian_government
gptkbp:countryOfOrigin gptkb:Iran
https://www.w3.org/2000/01/rdf-schema#label APT54
gptkbp:industry gptkb:energy, gptkb:government, gptkb:government_ministry, telecommunications sector
gptkbp:motive gptkb:intelligence_gathering, espionage
gptkbp:notableEvent attacks on financial institutions, attacks on Middle Eastern governments, attacks on energy companies, attacks on telecommunications firms
gptkbp:reportsTo gptkb:Microsoft, gptkb:Palo_Alto_Networks, gptkb:CrowdStrike, gptkb:FireEye, gptkb:Mandiant, gptkb:Symantec
gptkbp:technique credential harvesting, custom malware, spear phishing, supply chain attacks, watering hole attacks, web shell deployment
gptkbp:TTPs custom backdoors, living off the land, use of legitimate credentials, use of PowerShell scripts, multi-stage attacks, use of web shells
gptkbp:usesMalware gptkb:POWBAT, gptkb:QUADAGENT, gptkb:Helminth, gptkb:Dragon, gptkb:ThreeDollars, Karkoff, ISMDoor, OOPSIE, RDAT, RGDoor
gptkbp:bfsParent gptkb:Operation_Winnti
gptkbp:bfsLayer 7