Statements (90)
Predicate | Object |
---|---|
gptkbp:instanceOf | cybercrime |
gptkbp:activeYearsStart | 2016 |
gptkbp:alsoKnownAs | gptkb:TA505 |
gptkbp:area | gptkb:Asia, gptkb:Europe, gptkb:North_America |
gptkbp:associatedWith | cybercrime, financially motivated attacks |
gptkbp:connectsTo | gptkb:TA505, gptkb:Clop_ransomware_group |
https://www.w3.org/2000/01/rdf-schema#label | FIN11 |
gptkbp:industry | gptkb:government, gptkb:government_ministry, gptkb:textile_industry, education sector, healthcare sector, retail sector |
gptkbp:infrastructure | command and control servers, encrypted communications, malicious domains, exploit kits, malware loaders, proxy networks, VPN services, bulletproof hosting, fast flux DNS, TOR network, email delivery infrastructure |
gptkbp:notableBattle | supply chain attacks, large-scale phishing campaigns, Clop ransomware attacks, data theft and extortion |
gptkbp:origin | gptkb:Eastern_Europe |
gptkbp:technique | phishing, data exfiltration, malicious email attachments, credential theft, exploit kits, lateral movement, malicious links, double extortion, remote desktop protocol (RDP) brute force |
gptkbp:usesMalware | gptkb:Quantum, gptkb:Neutrino, gptkb:Philadelphia, gptkb:Ryuk, gptkb:Babuk, gptkb:Dridex, gptkb:Locky, gptkb:Tinba, gptkb:Pony, gptkb:Cobalt_Strike, gptkb:cave, gptkb:Conti, gptkb:Rook, gptkb:Pysa, gptkb:DarkSide, gptkb:LockBit, gptkb:REvil, gptkb:TrickBot, gptkb:Hive, gptkb:Shifu, gptkb:Ragnarok, gptkb:Netwalker, gptkb:Ransomware-as-a-Service, gptkb:Sodinokibi, gptkb:FlawedAmmyy, gptkb:SDBbot, gptkb:ServHelper, gptkb:Jaff, Grief, Zeppelin, Clop ransomware, BlackMatter, Avaddon, BitPaymer, DoppelPaymer, Egregor, Get2, GlobeImposter, LockerGoga, MegaCortex, Mount Locker, Ragnar Locker, RansomEXX, SunCrypt, Vice Society, WastedLocker |
gptkbp:bfsParent | gptkb:Clop_ransomware_group |
gptkbp:bfsLayer | 7 |