OlympicDestroyer

GPTKB entity

Statements (37)
Predicate Object
gptkbp:instanceOf malware
gptkbp:alsoKnownAs gptkb:Olympic_Destroyer
gptkbp:attributedTo unknown
gptkbp:category cybercrime
malware attack
gptkbp:consequence disabled Wi-Fi and website access at the Olympics
disrupted IT systems at 2018 Winter Olympics
gptkbp:discoveredBy gptkb:Cisco_Talos
gptkb:Kaspersky_Lab
2018
https://www.w3.org/2000/01/rdf-schema#label OlympicDestroyer
gptkbp:notableFeature used false flags to mislead attribution
deleted shadow copies
disabled Windows services
overwrote files with random data
spread via network shares
used Mimikatz for credential theft
used stolen credentials
wiped event logs
gptkbp:payload credential theft
file deletion
network worm capabilities
gptkbp:platform gptkb:Microsoft_Windows
gptkbp:relatedTo gptkb:2018_Winter_Olympics_cyberattack
gptkbp:spreadTo credential harvesting
network propagation
gptkbp:suspectedAttribution gptkb:Sandworm_Team
gptkb:Lazarus_Group
gptkb:APT28
gptkbp:target gptkb:Pyeongchang,_South_Korea
gptkbp:targetedEvent gptkb:2018_Winter_Olympics
gptkbp:usesMalware wiper
worm
destructive malware
gptkbp:writtenBy Windows executable
gptkbp:bfsParent gptkb:Olympic_Destroyer
gptkbp:bfsLayer 6