|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2017
|
|
gptkbp:alsoKnownAs
|
gptkb:MuddyWater
|
|
gptkbp:attackMethods
|
malware
phishing
PowerShell scripts
custom backdoors
|
|
gptkbp:attributedTo
|
gptkb:Microsoft
gptkb:Palo_Alto_Networks
gptkb:FireEye
gptkb:US_Cyber_Command
gptkb:Symantec
|
|
gptkbp:connectsTo
|
gptkb:Iranian_Ministry_of_Intelligence
|
|
gptkbp:countryOfOrigin
|
gptkb:Iran
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
APT58
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
defense
telecommunications
|
|
gptkbp:languageUsedInLures
|
gptkb:Arabic
gptkb:Persian
English
Turkish
|
|
gptkbp:majorCity
|
gptkb:Europe
gptkb:Middle_East
gptkb:North_America
|
|
gptkbp:notableEvent
|
attacks on telecommunications in the Middle East
attacks on energy sector in North America
attacks on government agencies in Europe
|
|
gptkbp:notableTool
|
gptkb:Ligolo
gptkb:MuddyC3
gptkb:SharpStage
gptkb:Canopy
gptkb:Seashell
CredNinja
MuddyWater PowerShell framework
|
|
gptkbp:tactics
|
social engineering
credential harvesting
living off the land
spear phishing
use of legitimate tools
|
|
gptkbp:usesMalware
|
gptkb:BlackWater
gptkb:MuddyC3
gptkb:MuddyWater_RAT
gptkb:SharpStage
gptkb:POWERSTATS
gptkb:Canopy
gptkb:Seashell
MuddyC2Go
MuddyWater PowerShell scripts
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
|
|
gptkbp:bfsLayer
|
7
|