|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
file transfer
persistence
modular plugin architecture
command execution
screenshot capture
keylogging
|
|
gptkbp:alsoKnownAs
|
gptkb:Sofacy_Group
gptkb:APT28
gptkb:CHOPSTICK
gptkb:Fancy_Bear
gptkb:Sofacy
|
|
gptkbp:connectsTo
|
gptkb:Russian_military_intelligence_(GRU)
|
|
gptkbp:developedBy
|
Russian state-sponsored actors
|
|
gptkbp:firstObserved
|
2014
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
SofacyCHOPSTICK
|
|
gptkbp:mitreTechnique
|
gptkb:T1059_(Command-Line_Interface)
gptkb:T1071_(Application_Layer_Protocol)
gptkb:T1086_(PowerShell)
gptkb:T1105_(Remote_File_Copy)
|
|
gptkbp:operatingSystem
|
gptkb:Windows
|
|
gptkbp:programmingLanguage
|
gptkb:C++
|
|
gptkbp:referencedIn
|
gptkb:MITRE_ATT&CK
|
|
gptkbp:supportsProtocol
|
gptkb:HTTP
HTTPS
SMTP
|
|
gptkbp:target
|
government organizations
military organizations
media organizations
political organizations
defense contractors
|
|
gptkbp:usedBy
|
gptkb:APT28
|
|
gptkbp:usesMalware
|
Trojan
modular backdoor
|
|
gptkbp:bfsParent
|
gptkb:Sednit
|
|
gptkbp:bfsLayer
|
6
|