|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:alsoKnownAs
|
gptkb:Rana
Cobalt Hickman
|
|
gptkbp:area
|
gptkb:Europe
gptkb:Middle_East
gptkb:United_States
|
|
gptkbp:associatedWith
|
Iranian cyber operations
|
|
gptkbp:attackTechniques
|
data exfiltration
credential harvesting
custom malware
living off the land
remote access tools
spear phishing
watering hole attacks
lateral movement
web shell deployment
|
|
gptkbp:countryOfOrigin
|
gptkb:Iran
|
|
gptkbp:firstReported
|
2017
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT57
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
defense
telecommunications
|
|
gptkbp:notableBattle
|
attacks on Middle Eastern governments
attacks on energy sector
|
|
gptkbp:reportsTo
|
gptkb:Kaspersky
gptkb:Microsoft
gptkb:CrowdStrike
gptkb:FireEye
gptkb:Recorded_Future
|
|
gptkbp:suspect
|
gptkb:Iranian_government
|
|
gptkbp:usesMalware
|
gptkb:NjRAT
gptkb:Pupy
gptkb:TURNEDUP
gptkb:HyperStack
gptkb:Imminent_Monitor
gptkb:LaZagne
gptkb:Metasploit
gptkb:Mimikatz
gptkb:PLINK
gptkb:Agent_Tesla
PowerShell scripts
NANOCORE
Batch scripts
Custom backdoors
POWRUNER
QUASARRAT
Remexi
VBS scripts
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
|
|
gptkbp:bfsLayer
|
7
|