Statements (51)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cyber threat group
|
| gptkbp:activeYearsStart |
2015
|
| gptkbp:alsoKnownAs |
gptkb:APT28
gptkb:Sofacy gptkb:Zebrocy |
| gptkbp:associatedWith |
gptkb:Russian_government
|
| gptkbp:connectsTo |
gptkb:GRU
gptkb:APT28 gptkb:Fancy_Bear |
| gptkbp:countryOfOrigin |
gptkb:Russia
|
| https://www.w3.org/2000/01/rdf-schema#label |
SofacyZebrocy
|
| gptkbp:infrastructure |
command and control servers
malicious domains malicious email accounts |
| gptkbp:language |
gptkb:Delphi
gptkb:Python gptkb:AutoIt gptkb:PowerShell gptkb:Go gptkb:C++ gptkb:VBScript gptkb:.NET |
| gptkbp:notableOperation |
targeting of Central Asian governments
targeting of European governments targeting of NATO members |
| gptkbp:payload |
keyloggers
custom malware downloaders information stealers remote access trojans |
| gptkbp:target |
gptkb:energy
government organizations military organizations defense contractors diplomatic organizations |
| gptkbp:technique |
phishing
custom backdoors living off the land malicious attachments spear phishing fileless malware code obfuscation anti-analysis techniques DLL side-loading |
| gptkbp:usesMalware |
gptkb:Zebrocy_malware_family
.NET malware Delphi malware Go malware Python malware |
| gptkbp:bfsParent |
gptkb:Sednit
|
| gptkbp:bfsLayer |
6
|