SofacyADVSTORESHELL

URI: https://gptkb.org/entity/SofacyADVSTORESHELL
GPTKB entity
Statements (39)
Predicate Object
gptkbp:instanceOf malware
gptkbp:abilities command and control
remote access
data exfiltration
gptkbp:alsoKnownAs gptkb:APT28
gptkb:Fancy_Bear
gptkb:Sofacy
gptkbp:area gptkb:Asia
gptkb:Europe
gptkb:United_States
gptkbp:associatedWith gptkb:Russian_military_intelligence
gptkbp:category cybercrime
gptkbp:connectsTo gptkb:GRU
gptkbp:deliveredBy phishing emails
malicious attachments
exploit kits
gptkbp:exfiltrationMethod gptkb:FTP
gptkb:HTTP
HTTPS
gptkbp:firstObserved 2014
https://www.w3.org/2000/01/rdf-schema#label SofacyADVSTORESHELL
gptkbp:industry gptkb:energy
gptkb:government
gptkb:media
gptkb:military
defense
gptkbp:notableEvent gptkb:2016_US_Democratic_National_Committee_hack
gptkbp:operatingSystem gptkb:Windows
gptkbp:persistenceMechanism registry modification
scheduled tasks
gptkbp:programmingLanguage gptkb:C++
C
gptkbp:subtechnique gptkb:T1027_(Obfuscated_Files_or_Information)
gptkb:T1071_(Application_Layer_Protocol)
gptkb:T1105_(Ingress_Tool_Transfer)
gptkbp:usedBy gptkb:APT28
gptkbp:usesMalware backdoor
gptkbp:bfsParent gptkb:Sednit
gptkbp:bfsLayer 6