| Property | Value |
|---|---|
| gptkbp:instanceOf | gptkb:malware |
| gptkbp:abilities | remote access, web injection, network propagation, harvesting Active Directory data, harvesting browser data, harvesting credentials, harvesting cryptocurrency wallets, harvesting email accounts, harvesting system information, spreading via RDP, spreading via SMB, spreading via brute force |
| gptkbp:activeIn | true |
| gptkbp:alias | gptkb:trickster, gptkb:TrickLoader, gptkb:Terdot |
| gptkbp:area | gptkb:Asia, gptkb:Europe, gptkb:Latin_America, gptkb:United_States |
| gptkbp:developedBy | gptkb:cybercrime |
| gptkbp:discoveredBy | 2016 |
| gptkbp:disruptionDate | October 2020 |
| gptkbp:industry | gptkb:government, education, financial services, healthcare, retail |
| gptkbp:interruptedBy | gptkb:Microsoft, gptkb:US_Cyber_Command, international law enforcement |
| gptkbp:modularDesign | true |
| gptkbp:notable_campaign | gptkb:Conti_ransomware, gptkb:Ryuk_ransomware |
| gptkbp:platform | gptkb:Microsoft_Windows |
| gptkbp:primaryUse | gptkb:information_stealer, gptkb:malware, gptkb:botnet |
| gptkbp:relatedTo | gptkb:Ryuk, gptkb:Conti, gptkb:Emotet, gptkb:Anchor_malware, gptkb:BazarLoader |
| gptkbp:spreadTo | gptkb:Emotet_malware, gptkb:EternalBlue_exploit, malicious email attachments, malicious links |
| gptkbp:type | trojan |
| gptkbp:usedFor | data exfiltration, credential theft, lateral movement, ransomware delivery |
| gptkbp:uses | command and control servers, encrypted communication, malicious modules |
| gptkbp:writtenBy | gptkb:C++, C |
| gptkbp:bfsParent | gptkb:Domain_Generation_Algorithm, gptkb:IcedID, gptkb:Conti |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | TrickBot |