Statements (63)
Predicate | Object |
---|---|
gptkbp:instanceOf | cyber threat group |
gptkbp:activity | malspam campaigns |
gptkbp:alsoKnownAs | gptkb:Shathak |
gptkbp:area | gptkb:Europe, gptkb:North_America |
gptkbp:associatedWith | financially motivated attacks |
gptkbp:firstObserved | 2016 |
https://www.w3.org/2000/01/rdf-schema#label | TA551 threat group |
gptkbp:industry | gptkb:government_ministry, education sector, healthcare sector, corporate sector |
gptkbp:mainLanguage | gptkb:German, gptkb:Italian, English |
gptkbp:malwareDelivered | gptkb:Ursnif, gptkb:IcedID, gptkb:Emotet, gptkb:QakBot, gptkb:Valak |
gptkbp:notableFor | 2020, 2021, 2022 |
gptkbp:target | organizations worldwide |
gptkbp:uses | social engineering, PowerShell scripts, living-off-the-land techniques, malicious email attachments, email spoofing, C2 infrastructure, batch scripts, email thread hijacking, macro-enabled documents, malicious CAB files, malicious DLL files, malicious EXE files, malicious Excel documents, malicious HTML files, malicious ISO files, malicious JS scripts, malicious JavaScript files, malicious LNK files, malicious MSI files, malicious PDF files, malicious RAR files, malicious URLs, malicious VBA macros, malicious VBS scripts, malicious Word documents, malicious downloaders, malicious droppers, malicious password-protected archives, malicious password-protected attachments, malicious shortcut files, multi-stage payload delivery, obfuscated code, password-protected ZIP files, reply-chain email attacks, thread hijacking |
gptkbp:vectorFor | phishing emails, malicious attachments |
gptkbp:bfsParent | gptkb:IcedID |
gptkbp:bfsLayer | 6 |