Statements (34)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cybercrime
|
| gptkbp:activeYearsStart |
2013
|
| gptkbp:alsoKnownAs |
gptkb:Primitive_Bear
ACTINIUM |
| gptkbp:associatedWith |
gptkb:Russian_Federal_Security_Service_(FSB)
|
| gptkbp:attributedTo |
widely attributed to Russian state interests
|
| gptkbp:countryOfOrigin |
gptkb:Russia
|
| https://www.w3.org/2000/01/rdf-schema#label |
Gamaredon
|
| gptkbp:mainLanguage |
gptkb:Russian
|
| gptkbp:monitors |
gptkb:Microsoft
gptkb:CERT-UA gptkb:ESET gptkb:Symantec |
| gptkbp:notableEvent |
attacks during 2022 Russian invasion of Ukraine
attacks on Ukrainian government in 2019 |
| gptkbp:target |
gptkb:Ukraine
government organizations military organizations critical infrastructure |
| gptkbp:technique |
phishing emails
malicious attachments living-off-the-land binaries remote template injection |
| gptkbp:TTPs |
frequent infrastructure changes
rapid deployment of new malware variants use of compromised email accounts use of legitimate cloud services for C2 |
| gptkbp:usesMalware |
PowerShell scripts
Pterodo custom RATs |
| gptkbp:bfsParent |
gptkb:Russian-Ukrainian_cyberwarfare
gptkb:Russian_state-sponsored_hackers gptkb:Hacker |
| gptkbp:bfsLayer |
7
|