| gptkbp:instanceOf | gptkb:cybercrime |
| gptkbp:activeYearsStart | 2013 |
| gptkbp:alsoKnownAs | gptkb:Primitive_Bear; ACTINIUM |
| gptkbp:associatedWith | gptkb:Russian_Federal_Security_Service_(FSB) |
| gptkbp:attributedTo | widely attributed to Russian state interests |
| gptkbp:countryOfOrigin | gptkb:Russia |
| gptkbp:mainLanguage | gptkb:Russian |
| gptkbp:monitors | gptkb:Microsoft; gptkb:CERT-UA; gptkb:ESET; gptkb:Symantec |
| gptkbp:notableEvent | attacks during 2022 Russian invasion of Ukraine; attacks on Ukrainian government in 2019 |
| gptkbp:target | gptkb:Ukraine; government organizations; military organizations; critical infrastructure |
| gptkbp:technique | phishing emails; malicious attachments; living-off-the-land binaries; remote template injection |
| gptkbp:TTPs | frequent infrastructure changes; rapid deployment of new malware variants; use of compromised email accounts; use of legitimate cloud services for C2 |
| gptkbp:usesMalware | PowerShell scripts; Pterodo; custom RATs |
| gptkbp:bfsParent | gptkb:Russian-Ukrainian_cyberwarfare; gptkb:Russian_state-sponsored_hackers; gptkb:Hacker |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Gamaredon |