|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2015
|
|
gptkbp:alsoKnownAs
|
gptkb:APT28_sub-group
gptkb:Sednit
|
|
gptkbp:associatedWith
|
gptkb:APT28
gptkb:Fancy_Bear
|
|
gptkbp:connectsTo
|
gptkb:GRU
gptkb:Russian_military_intelligence
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Zebrocy
|
|
gptkbp:language
|
gptkb:Russian
English
|
|
gptkbp:notableOperation
|
attacks on Central Asian governments
attacks on European governments
attacks on embassies
|
|
gptkbp:observedBy
|
gptkb:Kaspersky
gptkb:CrowdStrike
gptkb:ESET
gptkb:FireEye
gptkb:MITRE_ATT&CK
|
|
gptkbp:target
|
gptkb:Central_Asia
gptkb:Western_Europe
gptkb:Eastern_Europe
government organizations
military organizations
diplomatic organizations
|
|
gptkbp:technique
|
phishing emails
credential harvesting
custom backdoors
malicious attachments
spear phishing
malware loaders
|
|
gptkbp:TTPs
|
data exfiltration
lateral movement
custom malware development
initial access via phishing
multi-stage infection chains
|
|
gptkbp:usesMalware
|
gptkb:Zebrocy_malware
gptkb:Delphi
gptkb:Python
gptkb:Go
gptkb:C++
gptkb:.NET
.NET malware
Delphi malware
Go malware
Python malware
|
|
gptkbp:bfsParent
|
gptkb:TA-102
gptkb:TA-89
|
|
gptkbp:bfsLayer
|
5
|