|
gptkbp:instanceOf
|
malware
|
|
gptkbp:alsoKnownAs
|
gptkb:OlympicDestroyer
|
|
gptkbp:analyzes
|
gptkb:Cisco_Talos
gptkb:Microsoft
gptkb:CrowdStrike
gptkb:Kaspersky_Lab
|
|
gptkbp:attributedTo
|
unknown
|
|
gptkbp:category
|
cybercrime
malware campaign
|
|
gptkbp:consequence
|
caused delays in event operations
disabled Wi-Fi and website access at the Olympics
disrupted IT systems at 2018 Winter Olympics
|
|
gptkbp:discoveredBy
|
2018
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Olympic Destroyer
|
|
gptkbp:notableFeature
|
contained code fragments from multiple APT groups
used false flags to mislead attribution
used legitimate tools for lateral movement
|
|
gptkbp:payload
|
credential harvesting
file deletion
service disruption
|
|
gptkbp:publicDisclosure
|
February 2018
|
|
gptkbp:spreadTo
|
credential theft
lateral movement
network propagation
|
|
gptkbp:suspectedAttribution
|
gptkb:APT3
gptkb:Sandworm_Team
gptkb:Lazarus_Group
gptkb:APT28
|
|
gptkbp:target
|
gptkb:Pyeongchang,_South_Korea
|
|
gptkbp:targetedEvent
|
gptkb:2018_Winter_Olympics
|
|
gptkbp:targetedOrganizations
|
gptkb:Olympic_event_organizers
Olympic IT providers
Olympic partners
|
|
gptkbp:usesMalware
|
wiper
worm
destructive malware
|
|
gptkbp:bfsParent
|
gptkb:TA-94
|
|
gptkbp:bfsLayer
|
5
|