|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2016
|
|
gptkbp:alsoKnownAs
|
gptkb:Gold_Blackburn
gptkb:UNC1878
|
|
gptkbp:area
|
gptkb:Asia
gptkb:Europe
gptkb:United_States
|
|
gptkbp:associatedWith
|
gptkb:Grim_Spider
gptkb:UNC1878
gptkb:TA505
gptkb:FIN6
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
gptkbp:estimatedRevenue
|
hundreds of millions of dollars
|
|
gptkbp:hasVictimCount
|
hundreds of organizations
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
WIZARD SPIDER
|
|
gptkbp:infrastructure
|
gptkb:Tor_network
command and control servers
bulletproof hosting
fast flux DNS
|
|
gptkbp:mainLanguage
|
gptkb:Russian
|
|
gptkbp:monitors
|
gptkb:UK_National_Crime_Agency
gptkb:Europol
gptkb:FBI
gptkb:US_Cybersecurity_and_Infrastructure_Security_Agency
|
|
gptkbp:motive
|
financial gain
|
|
gptkbp:notableBattle
|
gptkb:Universal_Health_Services_ransomware_attack_(2020)
Ireland Health Service Executive ransomware attack (2021)
|
|
gptkbp:notableFor
|
gptkb:Conti_ransomware
gptkb:BazarLoader_malware
gptkb:TrickBot_malware
gptkb:Ryuk_ransomware
double extortion ransomware attacks
|
|
gptkbp:notableMember
|
Dmitry Khoroshev
|
|
gptkbp:status
|
active
|
|
gptkbp:target
|
gptkb:government_agency
healthcare organizations
financial institutions
|
|
gptkbp:technique
|
phishing
malware distribution
data exfiltration
lateral movement
ransomware deployment
|
|
gptkbp:usesMalware
|
gptkb:Ryuk
gptkb:Cobalt_Strike
gptkb:Conti
gptkb:Anchor
gptkb:BazarLoader
gptkb:TrickBot
|
|
gptkbp:bfsParent
|
gptkb:Ryuk_ransomware_group
|
|
gptkbp:bfsLayer
|
7
|