|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2012
|
|
gptkbp:alsoKnownAs
|
gptkb:APT37
gptkb:Group123
cathedral
|
|
gptkbp:associatedWith
|
gptkb:North_Korean_government
|
|
gptkbp:attributedTo
|
gptkb:Kaspersky
gptkb:Microsoft
gptkb:CrowdStrike
gptkb:FireEye
ESTsecurity
|
|
gptkbp:connectsTo
|
gptkb:Lazarus_Group
gptkb:Kimsuky
|
|
gptkbp:countryOfOrigin
|
gptkb:North_Korea
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
ScarCruft
|
|
gptkbp:infrastructure
|
compromised websites
malicious domains
social media accounts
cloud storage abuse
|
|
gptkbp:mainLanguage
|
gptkb:Korean
|
|
gptkbp:motive
|
gptkb:intelligence_gathering
espionage
political objectives
|
|
gptkbp:notableBattle
|
gptkb:Operation_Daybreak
gptkb:Operation_North_Star
Operation Erebus
Operation In(ter)ception
Operation Ricochet Chollima
|
|
gptkbp:target
|
gptkb:Japan
gptkb:Middle_East
gptkb:Russia
gptkb:South_Korea
gptkb:Vietnam
gptkb:military
journalists
human rights activists
government organizations
diplomatic entities
|
|
gptkbp:technique
|
spear phishing
watering hole attacks
exploit public vulnerabilities
|
|
gptkbp:usesMalware
|
gptkb:bird
gptkb:BabyShark
gptkb:Bluelight
gptkb:DestoryRAT
RATs
RokRat
EvilNewYear
POORWEB
|
|
gptkbp:bfsParent
|
gptkb:Red_Star_APT
gptkb:APT37
gptkb:Chollima-316
|
|
gptkbp:bfsLayer
|
8
|