Statements (58)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | malware |
| gptkbp:abilities | data exfiltration, malware delivery, credential theft, lateral movement, man-in-the-browser attack, ransomware delivery, web injection |
| gptkbp:alsoKnownAs | gptkb:BokBot |
| gptkbp:area | gptkb:Asia, gptkb:Europe, gptkb:North_America, global |
| gptkbp:associatedWith | gptkb:Conti_ransomware, gptkb:Emotet, gptkb:TA551_threat_group, gptkb:TrickBot |
| gptkbp:detects | gptkb:security |
| gptkbp:discoveredBy | 2017 |
| https://www.w3.org/2000/01/rdf-schema#label | IcedID |
| gptkbp:notable_campaign | 2020 ransomware attacks, 2021 phishing campaigns |
| gptkbp:platform | gptkb:Windows |
| gptkbp:remedy | network monitoring, patch management, endpoint detection and response, user awareness training |
| gptkbp:spreadTo | malicious email attachments, malicious links, malvertising |
| gptkbp:status | active |
| gptkbp:target | individuals, businesses, financial institutions |
| gptkbp:threats | high |
| gptkbp:uses | phishing emails, PowerShell scripts, command and control servers, modular architecture, C2 infrastructure, DLL injection, VNC module, encrypted communication, exploit kits, info-stealer module, living-off-the-land binaries, loader module, malicious documents, malicious macros, malspam, process hollowing, proxy module, web injects |
| gptkbp:usesMalware | malware |
| gptkbp:writtenBy | gptkb:C++, C |
| gptkbp:bfsParent | gptkb:Operation_Endgame |
| gptkbp:bfsLayer | 5 |