APT57

GPTKB entity

Statements (51)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:alsoKnownAs gptkb:Rana, Cobalt Hickman
gptkbp:area gptkb:Europe, gptkb:Middle_East, gptkb:United_States
gptkbp:associatedWith Iranian cyber operations
gptkbp:attackTechniques data exfiltration, credential harvesting, custom malware, living off the land, remote access tools, spear phishing, watering hole attacks, lateral movement, web shell deployment
gptkbp:countryOfOrigin gptkb:Iran
gptkbp:firstReported 2017
https://www.w3.org/2000/01/rdf-schema#label APT57
gptkbp:industry gptkb:energy, gptkb:government, defense, telecommunications
gptkbp:notableBattle attacks on Middle Eastern governments, attacks on energy sector
gptkbp:reportsTo gptkb:Kaspersky, gptkb:Microsoft, gptkb:CrowdStrike, gptkb:FireEye, gptkb:Recorded_Future
gptkbp:suspect gptkb:Iranian_government
gptkbp:usesMalware gptkb:NjRAT, gptkb:Pupy, gptkb:TURNEDUP, gptkb:HyperStack, gptkb:Imminent_Monitor, gptkb:LaZagne, gptkb:Metasploit, gptkb:Mimikatz, gptkb:PLINK, gptkb:Agent_Tesla, PowerShell scripts, NANOCORE, Batch scripts, Custom backdoors, POWRUNER, QUASARRAT, Remexi, VBS scripts
gptkbp:bfsParent gptkb:Operation_Winnti
gptkbp:bfsLayer 7