🇷🇺
Librarian Ghouls
APT Group
1 zero-day CVE
Also Known As
No alias recorded
Target Countries 5
Belarus
Kazakhstan
Mongolia
Russian Federation
Ukraine
Sectors Targeted
Management of Companies and Enterprises
55
National Security and International Affairs
928
Water Transportation
483
Computer and Electronic Product Manufacturing
334
Software Publishers
5112
Space Research and Technology
927
Cryptocurrency
Education
Automobile Dealers
4411
NAICS:31
31
Educational Services
61
Industrial
Public Administration
92
Utilities
22
Computer Systems Design and Related Services
5415
Professional, Scientific, and Technical Services
54
Electrical Equipment, Appliance, and Component Manufacturing
335
Oil and Gas Extraction
211
Aircraft Manufacturing
336411
Information
51
Commodity Contracts Intermediation
523160
Ammunition (except Small Arms) Manufacturing
332993
National Security and International Affairs
928110
Other Services (except Public Administration)
81
Computer Systems Design Services
541512
Details
Origin
🇷🇺 RU
Last Updated
13 Apr 2026
MITRE ATT&CK 32
T1005 - Data from Local System
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1036.005 - Masquerading: Match Legitimate Name or Location
T1048 - Exfiltration Over Alternative Protocol
T1049 - System Network Connections Discovery
T1053.005 - Scheduled Task/Job: Scheduled Task
T1059 - Command and Scripting Interpreter
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
T1070.004 - File Deletion
T1071.001 - Web Protocols
T1082 - System Information Discovery
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise
T1195 - Supply Chain Compromise
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1219 - Remote Access Software
T1496 - Resource Hijacking
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1555.003 - Credentials from Password Stores: Credentials from Web Browsers
T1562 - Impair Defenses
T1566 - Phishing
T1566.001 - Phishing: Spearphishing Attachment
T1571 - Non-Standard Port
T1574.002 - Hijack Execution Flow: DLL Side-Loading
T1588 - Obtain Capabilities
T1588.002 - Obtain Capabilities: Tool