Statements (51)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:malware
|
| gptkbp:abilities |
remote access
credential theft web injection keylogging |
| gptkbp:affiliatedWith |
cybercriminal groups
|
| gptkbp:alsoKnownAs |
gptkb:Terdot
Zbot |
| gptkbp:area |
gptkb:Asia
gptkb:Europe gptkb:North_America |
| gptkbp:commanded |
gptkb:HTTP
encrypted channels |
| gptkbp:detects |
gptkb:Kaspersky
gptkb:Symantec gptkb:Microsoft_Defender |
| gptkbp:exploitedVulnerabilities |
malicious scripts
macro-enabled Office documents Microsoft digital signature verification flaw (CVE-2013-3900) |
| gptkbp:firstAppearance |
2016
|
| gptkbp:lawEnforcementResponse |
takedown by Microsoft and partners in April 2022
|
| gptkbp:notable_campaign |
Conti ransomware delivery
2020-2021 global attacks Ryuk ransomware delivery |
| gptkbp:notableFeature |
modular architecture
persistence mechanisms code obfuscation anti-analysis techniques |
| gptkbp:platform |
gptkb:Windows
|
| gptkbp:primaryUse |
delivering other malware
stealing banking credentials |
| gptkbp:relatedTo |
gptkb:Zeus_malware_family
|
| gptkbp:repository |
not publicly available
|
| gptkbp:spreadTo |
malicious websites
malicious email attachments exploit kits |
| gptkbp:status |
active as of 2022
disrupted by law enforcement in 2022 |
| gptkbp:usedFor |
gptkb:fraud
ransomware delivery |
| gptkbp:uses |
DLL injection
process hollowing browser manipulation malicious payload download phishing techniques |
| gptkbp:usesMalware |
gptkb:malware
|
| gptkbp:writtenBy |
gptkb:C++
|
| gptkbp:bfsParent |
gptkb:Royal_APT
gptkb:Terdot |
| gptkbp:bfsLayer |
8
|
| https://www.w3.org/2000/01/rdf-schema#label |
ZLoader
|