|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
data exfiltration
persistence
command execution
privilege escalation
|
|
gptkbp:alsoKnownAs
|
Derusbi malware
|
|
gptkbp:analyzes
|
gptkb:Palo_Alto_Networks
gptkb:CrowdStrike
gptkb:FireEye
gptkb:Kaspersky_Lab
gptkb:Symantec
|
|
gptkbp:category
|
cyber espionage tool
advanced persistent threat tool
|
|
gptkbp:communication
|
gptkb:HTTP
gptkb:TCP
HTTPS
custom protocols
|
|
gptkbp:detects
|
various antivirus vendors
|
|
gptkbp:discoveredBy
|
2011
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Derusbi
|
|
gptkbp:notableEvent
|
OPM data breach
Anthem breach
|
|
gptkbp:platform
|
gptkb:Windows
gptkb:Linux
|
|
gptkbp:relatedTo
|
gptkb:PlugX
gptkb:Sakula
Black Vine group
|
|
gptkbp:target
|
gptkb:energy
gptkb:government_ministry
US organizations
defense sector
|
|
gptkbp:type
|
Trojan
backdoor
|
|
gptkbp:usedBy
|
gptkb:Chinese_threat_actors
gptkb:APT29
gptkb:APT19
APT groups
|
|
gptkbp:uses
|
modular architecture
DLL injection
encrypted communication
kernel-mode rootkit
network tunneling
user-mode rootkit
|
|
gptkbp:usesMalware
|
Derusbi family
|
|
gptkbp:writtenBy
|
gptkb:C++
C
|
|
gptkbp:bfsParent
|
gptkb:APT40
gptkb:APT26
|
|
gptkbp:bfsLayer
|
8
|