|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2014
|
|
gptkbp:alsoKnownAs
|
gptkb:APT34
gptkb:OilRig
|
|
gptkbp:area
|
gptkb:Europe
gptkb:Middle_East
gptkb:North_America
|
|
gptkbp:associatedWith
|
gptkb:Iranian_government
|
|
gptkbp:attributedTo
|
gptkb:CrowdStrike
gptkb:FireEye
gptkb:Mandiant
|
|
gptkbp:countryOfOrigin
|
gptkb:Iran
|
|
gptkbp:exploits
|
Microsoft Office vulnerabilities
zero-day vulnerabilities
web application vulnerabilities
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Helix Kitten
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
gptkb:chemical_industry
financial services
telecommunications
|
|
gptkbp:infrastructure
|
cloud services
compromised websites
phishing domains
|
|
gptkbp:motive
|
gptkb:intelligence_gathering
espionage
|
|
gptkbp:notableBattle
|
attacks on financial institutions
attacks on Middle Eastern governments
attacks on energy companies
|
|
gptkbp:relatedGroup
|
gptkb:APT33
gptkb:APT35
gptkb:Charming_Kitten
|
|
gptkbp:target
|
gptkb:Middle_East
gptkb:energy
gptkb:government
telecommunications
government organizations
|
|
gptkbp:technique
|
credential harvesting
custom malware
spear phishing
watering hole attacks
|
|
gptkbp:uses
|
PowerShell scripts
custom backdoors
remote access trojans
web shells
|
|
gptkbp:usesMalware
|
gptkb:POWBAT
gptkb:Helminth
gptkb:Dragon
gptkb:Agent_Injector
OOPSIE
|
|
gptkbp:usesPhishing
|
social engineering
email phishing
|
|
gptkbp:bfsParent
|
gptkb:APT34
|
|
gptkbp:bfsLayer
|
7
|