Statements (29)
Predicate | Object |
---|---|
gptkbp:instanceOf | malware |
gptkbp:associatedWith | gptkb:Lazarus_Group |
gptkbp:canDeleteShadowCopies | true |
gptkbp:canDisableRecovery | true |
gptkbp:canSpreadLaterally | true |
gptkbp:demandsRansomIn | gptkb:Bitcoin |
gptkbp:encryption | files |
gptkbp:fileExtension | .hermes |
gptkbp:fileExtension | .hrms |
gptkbp:firstObserved | 2017 |
gptkbp:hasBackdoorComponent | sometimes |
https://www.w3.org/2000/01/rdf-schema#label | HERMES ransomware |
gptkbp:marketedAs | underground forums |
gptkbp:notableBattle | Far Eastern International Bank (Taiwan) 2017 |
gptkbp:notableVariant | HERMES 2.0 |
gptkbp:notableVariant | HERMES 2.1 |
gptkbp:ransomDemanded | varies |
gptkbp:ransomNoteFileName | DECRYPT_INFORMATION.html |
gptkbp:ransomNoteFileName | DECRYPT_INFORMATION.txt |
gptkbp:sells | Ransomware-as-a-Service (RaaS) |
gptkbp:spreadTo | phishing emails |
gptkbp:spreadTo | malicious attachments |
gptkbp:supportsAlgorithm | gptkb:RSA |
gptkbp:supportsAlgorithm | gptkb:AES |
gptkbp:target | gptkb:Windows_operating_systems |
gptkbp:usedIn | gptkb:Far_Eastern_International_Bank_heist |
gptkbp:usedIn | WannaCry attack |
gptkbp:bfsParent | gptkb:Ryuk_ransomware_group |
gptkbp:bfsLayer | 7 |