Statements (34)
Predicate | Object |
---|---|
gptkbp:instanceOf | cybercrime |
gptkbp:activeYearsStart | 2013 |
gptkbp:alsoKnownAs | gptkb:Primitive_Bear; ACTINIUM |
gptkbp:associatedWith | gptkb:Russian_Federal_Security_Service_(FSB) |
gptkbp:attributedTo | widely attributed to Russian state interests |
gptkbp:countryOfOrigin | gptkb:Russia |
https://www.w3.org/2000/01/rdf-schema#label | Gamaredon |
gptkbp:mainLanguage | gptkb:Russian |
gptkbp:monitors | gptkb:Microsoft; gptkb:CERT-UA; gptkb:ESET; gptkb:Symantec |
gptkbp:notableEvent | attacks during 2022 Russian invasion of Ukraine; attacks on Ukrainian government in 2019 |
gptkbp:target | gptkb:Ukraine; government organizations; military organizations; critical infrastructure |
gptkbp:technique | phishing emails; malicious attachments; living-off-the-land binaries; remote template injection |
gptkbp:TTPs | frequent infrastructure changes; rapid deployment of new malware variants; use of compromised email accounts; use of legitimate cloud services for C2 |
gptkbp:usesMalware | PowerShell scripts; Pterodo; custom RATs |
gptkbp:bfsParent | gptkb:Russian-Ukrainian_cyberwarfare; gptkb:Russian_state-sponsored_hackers; gptkb:Hacker |
gptkbp:bfsLayer | 7 |