|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2014
|
|
gptkbp:alsoKnownAs
|
SectorJ04
|
|
gptkbp:attackMethods
|
phishing emails
malicious attachments
spear phishing
malicious links
malware loaders
|
|
gptkbp:attributionConfidence
|
high
|
|
gptkbp:connectsTo
|
gptkb:Evil_Corp
gptkb:FIN11
|
|
gptkbp:countryOfOperation
|
gptkb:Asia
gptkb:Europe
gptkb:North_America
global
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
TA505
|
|
gptkbp:industry
|
gptkb:government
financial services
healthcare
retail
|
|
gptkbp:infrastructure
|
malicious domains
compromised servers
bulletproof hosting
fast flux DNS
|
|
gptkbp:monitors
|
gptkb:Microsoft
gptkb:Mandiant
gptkb:US-CERT
gptkb:Europol
|
|
gptkbp:notableBattle
|
gptkb:2016_Locky_ransomware_campaign
gptkb:2017_Dridex_banking_trojan_campaign
gptkb:2019_Clop_ransomware_campaign
|
|
gptkbp:notableFor
|
malware distribution
ransomware attacks
banking trojans
large-scale phishing campaigns
|
|
gptkbp:notableTool
|
gptkb:Cobalt_Strike
gptkb:Remote_Manipulator_System_(RMS)
FlawedGrace
|
|
gptkbp:status
|
active
|
|
gptkbp:tactics
|
data exfiltration
initial access
lateral movement
ransomware deployment
|
|
gptkbp:usesMalware
|
gptkb:Dridex
gptkb:Locky
gptkb:Clop
gptkb:FlawedAmmyy
gptkb:SDBbot
gptkb:ServHelper
|
|
gptkbp:bfsParent
|
gptkb:Hacker
gptkb:TrickBot_gang
gptkb:TrickBot_group
gptkb:Clop_ransomware_group
|
|
gptkbp:bfsLayer
|
7
|