Statements (52)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
malware
|
| gptkbp:abilities |
stealth
remote access data exfiltration modular architecture screenshot capture command and control communication file theft network sniffing password stealing custom payloads keystroke logging |
| gptkbp:alias |
gptkb:Regin
gptkb:QWERTY WarriorPride Prax |
| gptkbp:category |
advanced persistent threat
state-sponsored malware cyber weapon |
| gptkbp:connectsTo |
gptkb:Five_Eyes
gptkb:NSA gptkb:United_Kingdom gptkb:United_States gptkb:GCHQ |
| gptkbp:detectionDifficulty |
very difficult
|
| gptkbp:discoveredBy |
gptkb:Symantec
2014 |
| gptkbp:diseaseVector |
spear phishing
watering hole attacks exploiting zero-day vulnerabilities |
| https://www.w3.org/2000/01/rdf-schema#label |
Regin malware
|
| gptkbp:notableEvent |
gptkb:European_Union_institutions
gptkb:Belgacom_hack Iranian targets Middle East targets Russian research organizations Saudi Arabian telecoms |
| gptkbp:persistenceMechanism |
multiple stages
encrypted payloads hidden in system files |
| gptkbp:platform |
gptkb:Microsoft_Windows
|
| gptkbp:removalDifficulty |
high
|
| gptkbp:target |
private individuals
research institutions government organizations telecommunications companies |
| gptkbp:type |
modular malware
|
| gptkbp:usedFor |
cybercrime
data collection surveillance |
| gptkbp:bfsParent |
gptkb:Equation_Group
|
| gptkbp:bfsLayer |
7
|