🇷🇺
Gamaredon Group
APT Group
Information theft and espionage
13 zero-day CVEs
ETDA ✓
Also Known As 15 names
ACTINIUM
Actinium
Aqua Blizzard
Blue Otso
BlueAlpha
DEV-0157
G0047
Gamaredon
IRON TILDEN
PRIMITIVE BEAR
Shuckworm
Trident Ursa
UAC-0010
UNC530
Winterflounder
Target Countries 48
Albania
Austria
Australia
Bangladesh
Bulgaria
Brazil
Canada
Chile
China
Colombia
Germany
Denmark
Egypt
Spain
France
United Kingdom
Georgia
Greece
Guatemala
Honduras
Croatia
Indonesia
Israel
India
Islamic Republic of Iran
Italy
Japan
Republic of Korea
Kazakhstan
Lithuania
Latvia
Malaysia
Nigeria
Netherlands
Norway
Papua New Guinea
Pakistan
Poland
Portugal
Romania
Sweden
Slovakia
Turkey
Ukraine
United States
Uzbekistan
Vietnam
South Africa
Sectors Targeted
Public Administration (NAICS 92)
Grantmaking and Giving Services (NAICS 8132)
Diplomats and journalists
Religious, Grantmaking, Civic, Professional, and Similar Organizations (NAICS 813)
Software Publishers (NAICS 5112)
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Oil and Gas Extraction (NAICS 211)
Investigation, Guard, and Armored Car Services (NAICS 56161)
Law enforcement
Motion Picture and Video Production (NAICS 51211)
National Security and International Affairs (NAICS 928 / 9281 / 928110)
NGOs
Utilities (NAICS 22)
Electric Power Generation (NAICS 22111)
Colleges, Universities, and Professional Schools (NAICS 6113)
Space Research and Technology (NAICS 927)
Agriculture, Forestry, Fishing and Hunting (NAICS 11)
Publishing Industries (except Internet) (NAICS 511)
Civic and Social Organizations (NAICS 8134)
Professional, Scientific, and Technical Services (NAICS 54)
Computer Systems Design and Related Services (NAICS 54151)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Administrative and Support Services (NAICS 561)
Personal Care Services (NAICS 8121)
Government
Periodical Publishers (NAICS 51112)
Computer Systems Design Services (NAICS 541512)
NAICS 48 (no sector name given on the page)
Security Guards and Patrol Services (NAICS 561612)
Other Services (except Public Administration) (NAICS 81)
Telecommunications (NAICS 517)
Insurance Carriers and Related Activities (NAICS 524)
Management, Scientific, and Technical Consulting Services (NAICS 5416)
Arts, Entertainment, and Recreation (NAICS 71)
Educational Services (NAICS 61)
Defense
Justice, Public Order, and Safety Activities (NAICS 922)
Details
Origin
🇷🇺 RU
Last Updated
17 Jan 2025
Malware Families 5
unidentified_003
dinotrain
remcom
dilongtrash
evilgnome
MITRE ATT&CK 142
T1001 - Data Obfuscation
T1005 - Data from Local System
T1008 - Fallback Channels
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1016.001 - Internet Connection Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.005 - VNC
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1027.001 - Binary Padding
T1027.002 - Software Packing
T1027.004 - Compile After Delivery
T1027.010 - Command Obfuscation
T1027.012 - LNK Icon Smuggling
T1027.015 - Compression
T1027.016 - Junk Code Insertion
T1029 - Scheduled Transfer
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1039 - Data from Network Shared Drive
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1054 - Indicator Blocking (revoked; now T1562.006)
T1055 - Process Injection
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005 - Visual Basic
T1059.006 - Python
T1059.007 - JavaScript
T1070 - Indicator Removal
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074 - Data Staged
T1078 - Valid Accounts
T1080 - Taint Shared Content
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1090 - Proxy
T1090.003 - Multi-hop Proxy
T1091 - Replication Through Removable Media
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1102.003 - One-Way Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1114.002 - Remote Email Collection
T1114.003 - Email Forwarding Rule
T1115 - Clipboard Data
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1123 - Audio Capture
T1124 - System Time Discovery
T1129 - Shared Modules
T1132.001 - Standard Encoding
T1136 - Create Account
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1195 - Supply Chain Compromise
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1208 - Kerberoasting (revoked; now T1558.003)
T1217 - Browser Bookmark Discovery
T1218 - System Binary Proxy Execution
T1218.005 - Mshta
T1218.011 - Rundll32
T1219 - Remote Access Software
T1221 - Template Injection
T1480 - Execution Guardrails
T1485 - Data Destruction
T1491 - Defacement
T1491.001 - Internal Defacement
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1505 - Server Software Component
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1534 - Internal Spearphishing
T1539 - Steal Web Session Cookie
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1550 - Use Alternate Authentication Material
T1550.004 - Web Session Cookie
T1557 - Adversary-in-the-Middle
T1559 - Inter-Process Communication
T1559.001 - Component Object Model
T1561 - Disk Wipe
T1561.001 - Disk Content Wipe
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1564 - Hide Artifacts
T1564.003 - Hidden Window
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1568 - Dynamic Resolution
T1568.001 - Fast Flux DNS
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.006 - Web Services
T1585 - Establish Accounts
T1585.001 - Social Media Accounts
T1585.002 - Email Accounts
T1586 - Compromise Accounts
T1586.002 - Email Accounts
T1587 - Develop Capabilities
T1587.003 - Digital Certificates
T1588 - Obtain Capabilities
T1588.002 - Tool
T1589 - Gather Victim Identity Information
T1592 - Gather Victim Host Information
T1593 - Search Open Websites/Domains
T1595 - Active Scanning
T1596 - Search Open Technical Databases
T1598 - Phishing for Information
T1598.002 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1614 - System Location Discovery
T1620 - Reflective Code Loading
T1685
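Added here as a worked example, not part of this profile or of the database it is drawn from: turning a technique list in the shape above into an ATT&CK Navigator layer so the profile can be overlaid on detection coverage. The layer field names and version strings are assumptions about Navigator layer format 4.5 and should be checked against the Navigator instance in use; the two revoked-ID remappings (T1208 to T1558.003, T1054 to T1562.006) are ATT&CK's own; the sample input is constructed from a few lines of the list above, plus a duplicate and a non-ID line to exercise the cleanup.

```python
import json
import re

# Assumed Navigator layer format (layer 4.5, ATT&CK v16): top-level keys
# name/versions/domain/techniques, each technique entry carrying techniqueID,
# score and comment. Adjust "versions" to match your Navigator deployment.
LAYER_VERSIONS = {"attack": "16", "navigator": "5.1.0", "layer": "4.5"}

# IDs ATT&CK has revoked and folded into newer sub-techniques. Both appear in
# this profile; a layer that keeps the old IDs simply will not colour those cells.
REVOKED = {
    "T1208": "T1558.003",  # Kerberoasting -> Steal or Forge Kerberos Tickets
    "T1054": "T1562.006",  # Indicator Blocking -> Impair Defenses
}

# "T1059.001 - PowerShell" or bare "T1059.005"; anything else is not an entry.
ENTRY_RE = re.compile(r"^(T\d{4}(?:\.\d{3})?)(?:\s*-\s*(.+))?$")


def parse_entries(text):
    """Return (technique_id, name_or_None) for every line that is an ATT&CK entry."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def normalize(entries):
    """Remap revoked IDs and drop duplicates, keeping first-seen order.
    Each result records where a remapped ID came from so the layer stays auditable."""
    seen = set()
    out = []
    for tid, name in entries:
        final = REVOKED.get(tid, tid)
        if final in seen:
            continue
        seen.add(final)
        comment = name or ""
        if final != tid:
            comment = f"remapped from revoked {tid}" + (f" ({name})" if name else "")
        out.append({"id": final, "comment": comment})
    return out


def build_layer(text, name="Gamaredon Group TTPs"):
    """Build a Navigator layer dict from a technique list in the profile's format."""
    techniques = [
        {"techniqueID": t["id"], "score": 1, "comment": t["comment"]}
        for t in normalize(parse_entries(text))
    ]
    return {
        "name": name,
        "versions": LAYER_VERSIONS,
        "domain": "enterprise-attack",
        "description": "Techniques taken from the Gamaredon profile; revoked IDs remapped.",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1},
        "showTacticRowBackground": False,
        "layout": {"layout": "side", "showID": True, "showName": True},
    }


def technique_ids(layer):
    """IDs present in a built layer, in order."""
    return [t["techniqueID"] for t in layer["techniques"]]


# Constructed sample in the same shape as the profile's ATT&CK list: both
# revoked IDs, one duplicate, one ID with no name, and one non-entry line.
SAMPLE = """\
T1059.001 - PowerShell
T1059.005
T1218.005
T1208 - Kerberoasting
T1054 - Indicator Blocking
T1053.005 - Scheduled Task
T1059.001 - PowerShell
T1685
Some non-technique line
"""

if __name__ == "__main__":
    # Writes a layer you can load with Navigator's "Open Existing Layer".
    print(json.dumps(build_layer(SAMPLE), indent=2))
```

Unknown-but-well-formed IDs such as T1685 are kept as written, since the script works offline and cannot consult the current ATT&CK STIX bundle; Navigator will flag any ID it does not recognise when the layer is loaded.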