ELECTRUM
APT Group
Information theft and espionage
Sabotage and destruction
21 zero-day CVEs
ETDA ✓
Also Known As 14 names
APT44
Blue Echidna
Sandworm
FROZENBARENTS
G0034
IRIDIUM
IRON VIKING
Quedagh
Seashell Blizzard
TEMP.Noble
TeleBots
UAC-0082
UAC-0113
VOODOO BEAR
Target Countries 9
Bangladesh
Finland
France
Mexico
Malaysia
Poland
Taiwan
Ukraine
United States
Sectors Targeted
Government
Motion Picture and Video Production (NAICS 51211)
Software companies
Computer Systems Design Services (NAICS 541512)
Data Processing, Hosting, and Related Services (NAICS 51821)
Oil and gas
Periodical Publishers (NAICS 51112)
Sporting and Athletic Goods Manufacturing (NAICS 339920)
Transportation
Telecommunications (NAICS 517)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Financial
Technology
Remediation and Other Waste Management Services (NAICS 5629)
National Security and International Affairs (NAICS 928110)
Details
Origin
🇷🇺 RU
Last Updated
25 May 2024
Malware Families 16
grey_energy
arguepatch
exaramel
hermeticwiper
teledoor
dnwipe
zhmimikatz
cyclops_blink
telebot
olympic_destroyer
pas
eternal_petya
lazarus_killdisk
credraptor
roar_bat
swiftslicer
MITRE ATT&CK 198
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1003.003 - NTDS
T1005 - Data from Local System
T1007 - System Service Discovery
T1008 - Fallback Channels
T1010 - Application Window Discovery
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.010 - Command Obfuscation
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1036.005 - Match Legitimate Name or Location
T1036.008 - Masquerade File Type
T1036.010 - Masquerade Account Name
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Discovery
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005 - Visual Basic
T1060 - Registry Run Keys / Startup Folder (revoked; now T1547.001)
T1064 - Scripting (deprecated)
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1072 - Software Deployment Tools
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1081 - Credentials in Files (revoked; now T1552.001)
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085 - Rundll32 (revoked; now T1218.011)
T1087 - Account Discovery
T1087.002 - Domain Account
T1087.003 - Email Account
T1090 - Proxy
T1090.002 - External Proxy
T1090.003 - Multi-hop Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1098.004 - SSH Authorized Keys
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1114.001 - Local Email Collection
T1115 - Clipboard Data
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1123 - Audio Capture
T1124 - System Time Discovery
T1125 - Video Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1130 - Install Root Certificate (revoked; now T1553.004)
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1135 - Network Share Discovery
T1136 - Create Account
T1136.002 - Domain Account
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1170 - Mshta (revoked; now T1218.005)
T1176 - Browser Extensions
T1187 - Forced Authentication
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1195.002 - Compromise Software Supply Chain
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1205 - Traffic Signaling
T1213 - Data from Information Repositories
T1213.006
T1217 - Browser Information Discovery
T1218 - Signed Binary Proxy Execution
T1218.011 - Rundll32
T1219 - Remote Access Software
T1484 - Domain or Tenant Policy Modification
T1484.001 - Group Policy Modification
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1491 - Defacement
T1491.002 - External Defacement
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003 - Time Based Evasion
T1498 - Network Denial of Service
T1499 - Endpoint Denial of Service
T1503 - Credentials from Web Browsers (revoked; now T1555.003)
T1505 - Server Software Component
T1505.001 - SQL Stored Procedures
T1505.003 - Web Shell
T1518 - Software Discovery
T1528 - Steal Application Access Token
T1529 - System Shutdown/Reboot
T1531 - Account Access Removal
T1539 - Steal Web Session Cookie
T1543 - Create or Modify System Process
T1543.002 - Systemd Service
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1550 - Use Alternate Authentication Material
T1552 - Unsecured Credentials
T1552.004 - Private Keys
T1553 - Subvert Trust Controls
T1554 - Compromise Host Software Binary
T1555 - Credentials from Password Stores
T1555.003 - Credentials from Web Browsers
T1560 - Archive Collected Data
T1561 - Disk Wipe
T1561.001 - Disk Content Wipe
T1561.002 - Disk Structure Wipe
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1562.002 - Disable Windows Event Logging
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1569 - System Services
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1573.002 - Asymmetric Cryptography
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.004 - Server
T1584 - Compromise Infrastructure
T1584.004 - Server
T1584.005 - Botnet
T1585 - Establish Accounts
T1585.001 - Social Media Accounts
T1585.002 - Email Accounts
T1586 - Compromise Accounts
T1586.001 - Social Media Accounts
T1587 - Develop Capabilities
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.002 - Tool
T1588.006 - Vulnerabilities
T1589 - Gather Victim Identity Information
T1589.002 - Email Addresses
T1589.003 - Employee Names
T1590 - Gather Victim Network Information
T1590.001 - Domain Properties
T1591 - Gather Victim Org Information
T1591.002 - Business Relationships
T1592 - Gather Victim Host Information
T1592.002 - Software
T1593 - Search Open Websites/Domains
T1594 - Search Victim-Owned Websites
T1595 - Active Scanning
T1595.002 - Vulnerability Scanning
T1596 - Search Open Technical Databases
T1598 - Phishing for Information
T1598.003 - Spearphishing Link
T1608 - Stage Capabilities
T1608.001 - Upload Malware
TA0004 - Privilege Escalation (tactic)
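The technique list above mixes current IDs, sub-techniques and a handful of revoked IDs (T1060, T1081, T1085, T1130, T1170, T1503), which trips up coverage mapping if the list is loaded into ATT&CK Navigator as-is. The script below is an added example, not code from this page or its data provider: it parses lines in the "ID - Name" form used here, resolves revoked IDs through a small hand-maintained table (a constructed subset, not a MITRE export), deduplicates, reports parent techniques that are only implied by a listed sub-technique, and emits a Navigator layer. The `SAMPLE` input is a constructed slice of this page's list, and the Navigator version strings are assumed values.

```python
"""Normalise a threat-actor ATT&CK technique list into a Navigator layer.

Added example. REVOKED is a constructed subset of MITRE's revoked-ID
history; extend it from the ATT&CK changelog before relying on it.
"""
import json
import re

# Revoked technique IDs still found in older actor profiles -> current ID.
REVOKED = {
    "T1060": "T1547.001",  # Registry Run Keys / Startup Folder
    "T1081": "T1552.001",  # Credentials In Files
    "T1085": "T1218.011",  # Rundll32
    "T1130": "T1553.004",  # Install Root Certificate
    "T1170": "T1218.005",  # Mshta
    "T1503": "T1555.003",  # Credentials from Web Browsers
}

# Matches "T1234" or "T1234.567" at the start of a line; tactic IDs such
# as TA0004 deliberately do not match.
TECH_RE = re.compile(r"^(T\d{4}(?:\.\d{3})?)\b")


def parse_ids(lines):
    """Extract technique IDs from 'T1234 - Name' or bare 'T1234' lines."""
    ids = []
    for line in lines:
        m = TECH_RE.match(line.strip())
        if m:
            ids.append(m.group(1))
    return ids


def normalise(ids):
    """Resolve revoked IDs and drop duplicates, preserving input order.

    Returns (current_ids, resolved) where resolved maps old -> new so the
    analyst can see what was rewritten.
    """
    seen, out, resolved = set(), [], {}
    for tid in ids:
        new = REVOKED.get(tid, tid)
        if new != tid:
            resolved[tid] = new
        if new not in seen:
            seen.add(new)
            out.append(new)
    return out, resolved


def implied_parents(ids):
    """Parent techniques not listed themselves but implied by a sub-technique
    (e.g. T1555.003 present without T1555). Useful when a detection rule
    is tagged at parent level only."""
    listed = set(ids)
    return sorted({t.split(".")[0] for t in ids if "." in t} - listed)


def navigator_layer(ids, name, score=1, color="#ff6666"):
    """Build an ATT&CK Navigator layer dict for the enterprise matrix.
    Version strings are assumed; adjust to your Navigator instance."""
    return {
        "name": name,
        "versions": {"layer": "4.5", "navigator": "4.9.1"},
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": t, "score": score, "color": color, "enabled": True}
            for t in ids
        ],
    }


# Constructed sample: a slice of the list above, including revoked IDs
# and one tactic ID that must be ignored.
SAMPLE = [
    "T1003.001 - LSASS Memory",
    "T1060",
    "T1085",
    "T1218.011",
    "T1503",
    "T1555 - Credentials from Password Stores",
    "T1561.001 - Disk Content Wipe",
    "TA0004",
]

if __name__ == "__main__":
    ids, resolved = normalise(parse_ids(SAMPLE))
    print("resolved:", resolved)
    print("implied parents:", implied_parents(ids))
    print(json.dumps(navigator_layer(ids, "Sandworm (constructed sample)"), indent=1))
```

Feed the full list from this page through `parse_ids` and `normalise` before importing it into Navigator; the `resolved` map and the implied-parent report are worth keeping next to the layer so a later reviewer can see which IDs were rewritten rather than taken from the source.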
Related Zero-Days 21
CVE-2013-3906
CVE-2014-4114
CVE-2019-10149
CVE-2021-40444
CVE-2021-44228
CVE-2023-0669
CVE-2023-36884
CVE-2023-38831
CVE-2023-46805
CVE-2023-4966
CVE-2024-21887
CVE-2024-3400
CVE-2024-38213
CVE-2024-49039
CVE-2024-9680
CVE-2025-0282
CVE-2025-0283
CVE-2025-22457
CVE-2025-55182
CVE-2025-8088
CVE-2026-24858