Derusbi

GPTKB entity

Statements (48)

Predicate                    Object
gptkbp:instanceOf            malware
gptkbp:abilities             data exfiltration
                             persistence
                             command execution
                             privilege escalation
gptkbp:alsoKnownAs           Derusbi malware
gptkbp:analyzes              gptkb:Palo_Alto_Networks
                             gptkb:CrowdStrike
                             gptkb:FireEye
                             gptkb:Kaspersky_Lab
                             gptkb:Symantec
gptkbp:category              cyber espionage tool
                             advanced persistent threat tool
gptkbp:communication         gptkb:HTTP
                             gptkb:TCP
                             HTTPS
                             custom protocols
gptkbp:detects               various antivirus vendors
gptkbp:discoveredBy          2011
https://www.w3.org/2000/01/rdf-schema#label  Derusbi
gptkbp:notableEvent          OPM data breach
                             Anthem breach
gptkbp:platform              gptkb:Windows
                             gptkb:Linux
gptkbp:relatedTo             gptkb:PlugX
                             gptkb:Sakula
                             Black Vine group
gptkbp:target                gptkb:energy
                             gptkb:government_ministry
                             US organizations
                             defense sector
gptkbp:type                  Trojan
                             backdoor
gptkbp:usedBy                gptkb:Chinese_threat_actors
                             gptkb:APT19
                             APT groups
gptkbp:uses                  modular architecture
                             DLL injection
                             encrypted communication
                             kernel-mode rootkit
                             network tunneling
                             user-mode rootkit
gptkbp:usesMalware           Derusbi family
gptkbp:writtenBy             gptkb:C++
                             C
gptkbp:bfsParent             gptkb:APT40
                             gptkb:APT26
gptkbp:bfsLayer              8