| Property | Value |
| --- | --- |
| gptkbp:instanceOf | gptkb:cybercrime |
| gptkbp:activeYearsStart | 2016 |
| gptkbp:alsoKnownAs | gptkb:TA505 |
| gptkbp:area | gptkb:Asia, gptkb:Europe, gptkb:North_America |
| gptkbp:associatedWith | gptkb:cybercrime, financially motivated attacks |
| gptkbp:connectsTo | gptkb:TA505, gptkb:Clop_ransomware_group |
| gptkbp:industry | gptkb:government, gptkb:government_ministry, gptkb:textile_industry, education sector, healthcare sector, retail sector |
| gptkbp:infrastructure | command and control servers, encrypted communications, malicious domains, exploit kits, malware loaders, proxy networks, VPN services, bulletproof hosting, fast flux DNS, TOR network, email delivery infrastructure |
| gptkbp:notableBattle | supply chain attacks, large-scale phishing campaigns, Clop ransomware attacks, data theft and extortion |
| gptkbp:origin | gptkb:Eastern_Europe |
| gptkbp:technique | phishing, data exfiltration, malicious email attachments, credential theft, exploit kits, lateral movement, malicious links, double extortion, remote desktop protocol (RDP) brute force |
| gptkbp:usesMalware | gptkb:Quantum, gptkb:Neutrino, gptkb:Philadelphia, gptkb:Ryuk, gptkb:Babuk, gptkb:Dridex, gptkb:Locky, gptkb:Tinba, gptkb:Pony, gptkb:Cobalt_Strike, gptkb:cave, gptkb:Conti, gptkb:Rook, gptkb:Pysa, gptkb:DarkSide, gptkb:LockBit, gptkb:REvil, gptkb:TrickBot, gptkb:Hive, gptkb:Shifu, gptkb:Ragnarok, gptkb:Netwalker, gptkb:Ransomware-as-a-Service, gptkb:Sodinokibi, gptkb:FlawedAmmyy, gptkb:SDBbot, gptkb:ServHelper, gptkb:Zeppelin, gptkb:Jaff, Grief, Clop ransomware, BlackMatter, Avaddon, BitPaymer, DoppelPaymer, Egregor, Get2, GlobeImposter, LockerGoga, MegaCortex, Mount Locker, Ragnar Locker, RansomEXX, SunCrypt, Vice Society, WastedLocker |
| gptkbp:bfsParent | gptkb:CL0P_ransomware_group, gptkb:TA505, gptkb:Clop_ransomware_group |
| gptkbp:bfsLayer | 8 |
| http://www.w3.org/2000/01/rdf-schema#label | FIN11 |