🇷🇺
Energetic Bear
APT Group
Information theft and espionage
Sabotage and destruction
5 zero-day CVEs
ETDA ✓
Also Known As 17 names
ALLANITE
ATK6
BERSERK BEAR
BROMINE
Blue Kraken
CASTLE
Crouching Yeti
DYMALLOY
Dragonfly
G0035
Ghost Blizzard
Group 24
Havex
IRON LIBERTY
ITG15
Koala Team
TG-4192
Target Countries 22
Countries highlighted in red
Austria
Australia
Azerbaijan
Belgium
Brazil
Canada
Switzerland
Germany
Egypt
Spain
France
United Kingdom
Greece
Italy
Norway
Poland
Romania
Serbia
Singapore
Turkey
Ukraine
United States
Sectors Targeted
Education
Energy
Telecommunications
517
Construction
Computer Systems Design and Related Services
54151
Computer Systems Design Services
541512
Pharmaceutical
Remediation and Other Waste Management Services
5629
National Security and International Affairs
928110
Oil and gas
Finance and Insurance
52
Industrial
Engineering Services
54133
Newspaper Publishers
51111
Defense
Management, Scientific, and Technical Consulting Services
5416
Hospitals
622
IT
Manufacturing
Oil and Gas Extraction
211
Aviation
Commercial and Service Industry Machinery Manufacturing
33331
Justice, Public Order, and Safety Activities
9221
Details
Origin
🇷🇺 RU
Last Updated
01 Jun 2022
Malware Families 5
hermeticwiper
havex_rat
zhmimikatz
karagany
t_cmd
MITRE ATT&CK 172
T1001 - Data Obfuscation
T1003
T1003.002
T1003.003
T1003.004
T1005
T1007
T1008 - Fallback Channels
T1011
T1012
T1016
T1018 - Remote System Discovery
T1021
T1021.001
T1027 - Obfuscated Files or Information
T1033
T1036
T1036.010
T1038 - DLL Search Order Hijacking
T1040
T1041
T1045 - Software Packing
T1047
T1048
T1049
T1053 - Scheduled Task/Job
T1053.001 - At (Linux)
T1053.002 - At (Windows)
T1053.003 - Cron
T1053.005
T1053.006 - Systemd Timers
T1053.007 - Container Orchestration Job
T1055
T1055.001 - Dynamic-link Library Injection
T1055.002 - Portable Executable Injection
T1055.003 - Thread Execution Hijacking
T1055.004 - Asynchronous Procedure Call
T1055.008 - Ptrace System Calls
T1056 - Input Capture
T1057
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003
T1059.006
T1060 - Registry Run Keys / Startup Folder
T1069
T1069.002
T1070
T1070.001
T1070.004
T1071 - Application Layer Protocol
T1071.001
T1071.002
T1074
T1074.001
T1078
T1078.003
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087
T1087.002
T1090
T1095 - Non-Application Layer Protocol
T1098
T1098.007
T1102
T1105 - Ingress Tool Transfer
T1106
T1110
T1110.002
T1112
T1113
T1114
T1114.001
T1114.002
T1115
T1119
T1120
T1124
T1127
T1129
T1130
T1132
T1133
T1135
T1136
T1136.001
T1137
T1140 - Deobfuscate/Decode Files or Information
T1170
T1176
T1187
T1189
T1190
T1195
T1195.002
T1199
T1203
T1204 - User Execution
T1204.002
T1210
T1217
T1218 - Signed Binary Proxy Execution
T1219
T1220
T1221
T1485
T1486
T1489
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003
T1498 - Network Denial of Service
T1503
T1505
T1505.003
T1518 - Software Discovery
T1529
T1530
T1531
T1539
T1543
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550
T1552
T1553 - Subvert Trust Controls
T1555
T1560
T1561
T1562
T1562.001
T1562.004
T1564
T1564.002
T1566 - Phishing
T1566.001
T1566.002
T1568
T1571
T1573 - Encrypted Channel
T1574
T1574.002
T1583
T1583.001
T1583.003
T1584
T1584.004
T1587
T1588
T1588.002
T1591
T1591.002
T1595
T1595.002
T1598
T1598.002
T1598.003
T1608
T1608.004
T1685
T1685.005
T1686
TA0002
TA0003
TA0004
TA0005
TA0008
TA0011 - Command and Control