HAMMERTOSS

GPTKB entity

Statements (49)
Predicate                 Object
gptkbp:instanceOf         malware
gptkbp:abilities          file upload
                          data exfiltration
                          screenshot capture
                          remote command execution
                          file download
gptkbp:alsoKnownAs        HAMMERTOSS malware
gptkbp:attributedTo       Russian state-sponsored actors
gptkbp:commanded          gptkb:GitHub
                          gptkb:Twitter
                          Cloud storage services
gptkbp:deliveredBy        malicious websites
                          phishing emails
gptkbp:firstReported      2015
https://www.w3.org/2000/01/rdf-schema#label HAMMERTOSS
gptkbp:notableFeature     multi-stage infection process
                          uses images on social media for C2
gptkbp:operatingSystem    gptkb:Windows
gptkbp:referencedIn       gptkb:MITRE_ATT&CK
                          FireEye report
gptkbp:socialMedia        true
gptkbp:status             active (as of 2015)
gptkbp:tactics            gptkb:Defense_Evasion
                          gptkb:library
                          gptkb:Command_and_Control
                          Exfiltration
                          Persistence
gptkbp:target             gptkb:energy
                          government organizations
                          military organizations
                          defense sector
                          diplomatic entities
gptkbp:technique          T1027
                          T1059
                          T1071
                          T1105
                          T1095
gptkbp:usedBy             gptkb:Cozy_Bear
                          gptkb:APT29
                          gptkb:The_Dukes
gptkbp:usesCloudServices  true
gptkbp:usesMalware        backdoor
                          remote access tool
gptkbp:usesSteganography  true
gptkbp:writtenBy          gptkb:C++
                          gptkb:.NET
gptkbp:bfsParent          gptkb:CozyDuke
                          gptkb:Hammertoss
gptkbp:bfsLayer           7