gptkbp:instanceOf | cybercrime
gptkbp:activeYearsStart | 2016
gptkbp:alsoKnownAs | gptkb:UNC1878; gptkb:Wizard_Spider
gptkbp:associatedWith | gptkb:Evil_Corp; gptkb:TA505; gptkb:FIN6
gptkbp:connectsTo | gptkb:Conti_ransomware_group; gptkb:Ryuk_ransomware_group; gptkb:TrickBot_group
gptkbp:countryOfOrigin | gptkb:Russia
https://www.w3.org/2000/01/rdf-schema#label | Twisted Spider
gptkbp:infrastructure | gptkb:Tor_network; cryptocurrency payments; bulletproof hosting
gptkbp:mainLanguage | gptkb:Russian
gptkbp:motive | financial gain
gptkbp:notableBattle | gptkb:Universal_Health_Services_ransomware_attack_(2020); Ireland Health Service Executive ransomware attack (2021)
gptkbp:notableFor | gptkb:Conti_ransomware; gptkb:TrickBot_malware; gptkb:Ryuk_ransomware; double extortion ransomware attacks
gptkbp:status | active
gptkbp:tactics | data exfiltration; living off the land; lateral movement; privilege escalation; network reconnaissance; credential dumping; domain controller compromise; remote desktop protocol exploitation; email compromise
gptkbp:target | private companies; healthcare sector; government organizations
gptkbp:technique | phishing; malware deployment; ransomware-as-a-service
gptkbp:uses | gptkb:Ryuk; gptkb:Cobalt_Strike; gptkb:Conti; gptkb:Anchor; gptkb:Emotet; gptkb:BazarBackdoor; gptkb:Sidoh; gptkb:BazarLoader; gptkb:TrickBot
gptkbp:bfsParent | gptkb:Operation_Wocao
gptkbp:bfsLayer | 7