|
gptkbp:instanceOf
|
malware
|
|
gptkbp:alsoKnownAs
|
gptkb:Olympic_Destroyer
|
|
gptkbp:attributedTo
|
unknown
|
|
gptkbp:category
|
cybercrime
malware attack
|
|
gptkbp:consequence
|
disabled Wi-Fi and website access at the Olympics
disrupted IT systems at 2018 Winter Olympics
|
|
gptkbp:discoveredBy
|
gptkb:Cisco_Talos
gptkb:Kaspersky_Lab
2018
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
OlympicDestroyer
|
|
gptkbp:notableFeature
|
used false flags to mislead attribution
deleted shadow copies
disabled Windows services
overwrote files with random data
spread via network shares
used Mimikatz for credential theft
used stolen credentials
wiped event logs
|
|
gptkbp:payload
|
credential theft
file deletion
network worm capabilities
|
|
gptkbp:platform
|
gptkb:Microsoft_Windows
|
|
gptkbp:relatedTo
|
gptkb:2018_Winter_Olympics_cyberattack
|
|
gptkbp:spreadTo
|
credential harvesting
network propagation
|
|
gptkbp:suspectedAttribution
|
gptkb:Sandworm_Team
gptkb:Lazarus_Group
gptkb:APT28
|
|
gptkbp:target
|
gptkb:Pyeongchang,_South_Korea
|
|
gptkbp:targetedEvent
|
gptkb:2018_Winter_Olympics
|
|
gptkbp:usesMalware
|
wiper
worm
destructive malware
|
|
gptkbp:writtenBy
|
Windows executable
|
|
gptkbp:bfsParent
|
gptkb:Olympic_Destroyer
|
|
gptkbp:bfsLayer
|
6
|