| Property | Value |
|---|---|
| gptkbp:instanceOf | gptkb:malware |
| gptkbp:alsoKnownAs | gptkb:Geodo, gptkb:Heodo |
| gptkbp:associatedWith | gptkb:TA542_threat_group |
| gptkbp:cause | data theft, financial loss, network disruption |
| gptkbp:commanded | remote servers |
| gptkbp:countryOfOrigin | gptkb:unknown |
| gptkbp:deliveredBy | gptkb:QakBot, gptkb:Ryuk_ransomware, gptkb:TrickBot |
| gptkbp:detects | gptkb:security |
| gptkbp:discoveredBy | 2014 |
| gptkbp:laterEvolvedTo | malware delivery platform |
| gptkbp:notableFor | global impact, modular architecture, persistence mechanisms, network propagation, high infection rates, use of stolen email threads |
| gptkbp:originallyDevelopedAs | gptkb:malware |
| gptkbp:resurfaced | November 2021 |
| gptkbp:spreadTo | malicious email attachments, malicious email links |
| gptkbp:takedownBy | international law enforcement |
| gptkbp:takedownDate | January 2021 |
| gptkbp:target | gptkb:Windows_operating_systems |
| gptkbp:targetedOrganizations | gptkb:government_agency, private companies, individual users |
| gptkbp:uses | PowerShell scripts, encrypted communication, malicious macros, malspam campaigns, DLL files, polymorphic code |
| gptkbp:bfsParent | gptkb:Trickbot |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | Emotet malware |