Statements (58)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:malware |
| gptkbp:abilities | data exfiltration; malware delivery; credential theft; lateral movement; man-in-the-browser attack; ransomware delivery; web injection |
| gptkbp:alsoKnownAs | gptkb:BokBot |
| gptkbp:area | gptkb:Asia; gptkb:Europe; gptkb:North_America; global |
| gptkbp:associatedWith | gptkb:Conti_ransomware; gptkb:Emotet; gptkb:TA551_threat_group; gptkb:TrickBot |
| gptkbp:detects | gptkb:security |
| gptkbp:discoveredBy | 2017 |
| gptkbp:notable_campaign | 2020 ransomware attacks; 2021 phishing campaigns |
| gptkbp:platform | gptkb:Windows |
| gptkbp:remedy | network monitoring; patch management; endpoint detection and response; user awareness training |
| gptkbp:spreadTo | malicious email attachments; malicious links; malvertising |
| gptkbp:status | active |
| gptkbp:target | individuals; businesses; financial institutions |
| gptkbp:threats | high |
| gptkbp:uses | phishing emails; PowerShell scripts; command and control servers; modular architecture; C2 infrastructure; DLL injection; VNC module; encrypted communication; exploit kits; info-stealer module; living-off-the-land binaries; loader module; malicious documents; malicious macros; malspam; process hollowing; proxy module; web injects |
| gptkbp:usesMalware | gptkb:malware |
| gptkbp:writtenBy | gptkb:C++; C |
| gptkbp:bfsParent | gptkb:Operation_Endgame |
| gptkbp:bfsLayer | 5 |
| https://www.w3.org/2000/01/rdf-schema#label | IcedID |