|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
data exfiltration
screenshot capture
remote command execution
keylogging
file upload and download
|
|
gptkbp:alsoKnownAs
|
gptkb:IXESHE
AIXESHE
IXESHE.A
LURID
|
|
gptkbp:analyzes
|
gptkb:Kaspersky_Lab
gptkb:Symantec
gptkb:Trend_Micro
|
|
gptkbp:commanded
|
dynamic DNS
hardcoded IP addresses
|
|
gptkbp:discoveredBy
|
2009
|
|
gptkbp:exfiltrationMethod
|
gptkb:HTTP
custom TCP protocol
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
IXESHE malware
|
|
gptkbp:notable_campaign
|
2012 East Asia cyber espionage campaign
|
|
gptkbp:notableFeature
|
multi-language support
modular architecture
|
|
gptkbp:origin
|
China (suspected)
|
|
gptkbp:persistenceMechanism
|
scheduled tasks
Windows registry modification
|
|
gptkbp:platform
|
gptkb:Microsoft_Windows
|
|
gptkbp:signatureFamily
|
LURID family
|
|
gptkbp:target
|
gptkb:diplomat
defense contractors
East Asian governments
|
|
gptkbp:usedFor
|
cybercrime
|
|
gptkbp:usesMalware
|
gptkb:PlugX
gptkb:Poison_Ivy
Trojan
|
|
gptkbp:vectorFor
|
malicious email attachments
spear phishing
|
|
gptkbp:writtenBy
|
gptkb:C++
|
|
gptkbp:bfsParent
|
gptkb:APT12
|
|
gptkbp:bfsLayer
|
8
|