|
gptkbp:instanceOf
|
malware
|
|
gptkbp:alias
|
gptkb:LightNeuron
Exchange Transport Agent backdoor
|
|
gptkbp:attributedTo
|
gptkb:Turla_group
|
|
gptkbp:controls
|
commands hidden in email attachments
|
|
gptkbp:discoveredBy
|
gptkb:ESET
|
|
gptkbp:diseaseVector
|
malicious email attachments
compromised Exchange servers
|
|
gptkbp:firstReported
|
2019
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
LightNeuron malware
|
|
gptkbp:notableFeature
|
can read, modify, block, or send emails
operates as a Microsoft Exchange Transport Agent
|
|
gptkbp:persistenceMechanism
|
Exchange Transport Agent registration
|
|
gptkbp:platform
|
gptkb:Microsoft_Exchange
|
|
gptkbp:primaryUse
|
command and control
data exfiltration
email interception
|
|
gptkbp:publicDisclosure
|
gptkb:ESET_whitepaper_2019
|
|
gptkbp:removalDifficulty
|
high
|
|
gptkbp:target
|
government organizations
military organizations
diplomatic entities
|
|
gptkbp:usedBy
|
APT group
|
|
gptkbp:usedIn
|
espionage campaigns
|
|
gptkbp:usesMalware
|
backdoor
email hijacker
|
|
gptkbp:分布地区
|
gptkb:Middle_East
gptkb:Eastern_Europe
|
|
gptkbp:bfsParent
|
gptkb:Turla
|
|
gptkbp:bfsLayer
|
6
|