|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
remote access
command execution
information stealing
file exfiltration
|
|
gptkbp:alsoKnownAs
|
gptkb:Zebrocy_backdoor
gptkb:Zebrocy
|
|
gptkbp:area
|
gptkb:Caucasus
gptkb:Central_Asia
gptkb:Eastern_Europe
|
|
gptkbp:associatedWith
|
gptkb:Russian_cyber_espionage
|
|
gptkbp:category
|
cyber espionage tool
|
|
gptkbp:commanded
|
gptkb:FTP
gptkb:HTTP
SMTP
|
|
gptkbp:CVEExploited
|
gptkb:CVE-2017-0199
gptkb:CVE-2017-11882
|
|
gptkbp:deliveredBy
|
malicious attachment
phishing email
|
|
gptkbp:firstObserved
|
2015
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Zebrocy malware
|
|
gptkbp:industry
|
gptkb:government
gptkb:military
diplomatic
|
|
gptkbp:MITRE_ATT&CK_ID
|
S0081
|
|
gptkbp:notable_campaign
|
gptkb:2018_Central_Asia_attacks
gptkb:2019_Eastern_Europe_attacks
|
|
gptkbp:observedBy
|
gptkb:Palo_Alto_Networks
gptkb:ESET
gptkb:Kaspersky_Lab
gptkb:MITRE_ATT&CK
|
|
gptkbp:persistenceMechanism
|
registry modification
scheduled task
startup folder
|
|
gptkbp:platform
|
gptkb:Windows
gptkb:macOS
gptkb:Linux
|
|
gptkbp:programmingLanguage
|
gptkb:Delphi
gptkb:AutoIt
gptkb:Go
gptkb:C#
|
|
gptkbp:relatedTo
|
gptkb:Sofacy_Group
|
|
gptkbp:usedBy
|
gptkb:APT28
gptkb:Fancy_Bear
|
|
gptkbp:usesMalware
|
backdoor
trojan
|
|
gptkbp:bfsParent
|
gptkb:Zebrocy
|
|
gptkbp:bfsLayer
|
6
|