|
gptkbp:instanceOf
|
Remote Access Trojan
|
|
gptkbp:abilities
|
persistence
modular architecture
command execution
screenshot capture
file exfiltration
keylogging
|
|
gptkbp:attributedTo
|
possibly Turla group
|
|
gptkbp:C2Infrastructure
|
configurable
|
|
gptkbp:category
|
malware
|
|
gptkbp:communication
|
gptkb:HTTP
gptkb:SOAP
gptkb:TCP
HTTPS
|
|
gptkbp:detects
|
antivirus signatures
|
|
gptkbp:developedBy
|
unknown
|
|
gptkbp:distributedBy
|
phishing
compromised websites
malicious attachments
|
|
gptkbp:encryption
|
gptkb:RSA
gptkb:AES
|
|
gptkbp:firstObserved
|
2017
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Kazuar RAT
|
|
gptkbp:language
|
gptkb:C#
|
|
gptkbp:notable_campaign
|
espionage against government and diplomatic targets
|
|
gptkbp:notableFeature
|
obfuscation techniques
customizable plugins
multi-platform support (planned)
|
|
gptkbp:operatingSystem
|
gptkb:Windows
|
|
gptkbp:persistenceMechanism
|
registry modification
scheduled tasks
|
|
gptkbp:platform
|
gptkb:.NET
|
|
gptkbp:relatedTo
|
gptkb:Turla_APT
|
|
gptkbp:stealthFeature
|
code obfuscation
anti-analysis
anti-debugging
|
|
gptkbp:usedFor
|
cybercrime
|
|
gptkbp:usesMalware
|
RAT
|
|
gptkbp:bfsParent
|
gptkb:Turla
|
|
gptkbp:bfsLayer
|
6
|