|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activePeriod
|
2016-2022
|
|
gptkbp:alsoKnownAs
|
gptkb:Wizard_Spider
|
|
gptkbp:associatedWith
|
gptkb:Emotet
gptkb:TA505
gptkb:FIN6
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
gptkbp:disbanded
|
2022
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
TrickBot gang
|
|
gptkbp:interruptedBy
|
gptkb:Microsoft
gptkb:Europol
gptkb:FBI
gptkb:US_Cyber_Command
|
|
gptkbp:mainLanguage
|
gptkb:Russian
|
|
gptkbp:notableBattle
|
gptkb:Universal_Health_Services_ransomware_attack_(2020)
attacks on critical infrastructure
attacks on educational institutions
attack on hospitals during COVID-19 pandemic
attacks on US municipalities
|
|
gptkbp:notableFor
|
gptkb:Conti_ransomware
gptkb:TrickBot_malware
gptkb:Ryuk_ransomware
data exfiltration
modular malware architecture
phishing campaigns
credential theft
malware-as-a-service
network propagation
ransomware deployment
banking trojans
botnet operations
collaboration with other cybercriminal groups
use of Cobalt Strike
use of EternalBlue exploit
use of Mimikatz
use of PowerShell scripts
use of malicious attachments
use of malicious links
use of spear phishing emails
use of web injects
|
|
gptkbp:successor
|
gptkb:Conti_ransomware_group
gptkb:Black_Basta_ransomware_group
|
|
gptkbp:target
|
gptkb:government_agency
healthcare organizations
financial institutions
|
|
gptkbp:usesMalware
|
gptkb:Ryuk
gptkb:Conti
gptkb:Anchor
gptkb:BazarLoader
gptkb:TrickBot
|
|
gptkbp:bfsParent
|
gptkb:Wizard_Spider_group
|
|
gptkbp:bfsLayer
|
6
|