🇷🇺
White Bear
APT Group
Information theft and espionage
12 zero-day CVEs
ETDA ✓
Also Known As (1 name)
Skipper Turla
Target Countries 58
United Arab Emirates
Afghanistan
Armenia
Austria
Australia
Azerbaijan
Belgium
Bulgaria
Brazil
Belarus
Canada
Switzerland
Chile
China
Cyprus
Czech Republic
Germany
Denmark
Estonia
Spain
France
United Kingdom
Georgia
Greece
Croatia
Hungary
India
Iraq
Islamic Republic of Iran
Italy
Jordan
Japan
Republic of Korea
Kazakhstan
Latvia
Republic of Moldova
Montenegro
Former Yugoslav Republic of Macedonia
Mongolia
Mexico
Malaysia
Netherlands
Norway
Pakistan
Poland
Romania
Saudi Arabia
Sweden
Slovakia
Thailand
Tajikistan
Turkey
Ukraine
Uganda
United States
Uzbekistan
Vietnam
South Africa
Sectors Targeted
Industrial
Public Administration (NAICS 92)
Construction
Healthcare
Automobile Dealers (NAICS 4411)
Accommodation (NAICS 721)
Automotive
Construction (NAICS 23)
Software Publishers (NAICS 5112)
Intelligence organizations
Oil and Gas Extraction (NAICS 211)
Chemical Manufacturing (NAICS 325)
NAICS:44
Embassies
NGOs
Utilities (NAICS 22)
Media
Private sector
Space Research and Technology (NAICS 927)
Think Tanks
Publishing Industries (except Internet) (NAICS 511)
Engineering
Professional, Scientific, and Technical Services (NAICS 54)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Chemical
Government
Computer Systems Design Services (NAICS 541512)
NAICS:48
Oil and gas
Aviation
Energy
Other Services (except Public Administration) (NAICS 81)
Telecommunications (NAICS 517)
National Security and International Affairs (NAICS 928)
Insurance Carriers and Related Activities (NAICS 524)
Educational Services (NAICS 61)
IT
Air Transportation (NAICS 481)
Health Care and Social Assistance (NAICS 62)
Mining, Quarrying, and Oil and Gas Extraction (NAICS 21)
Financial
Information (NAICS 51)
Defense
Finance and Insurance (NAICS 52)
Education
Details
Origin
🇷🇺 RU
Last Updated
01 Jun 2022
MITRE ATT&CK 158
T1001
T1001.001
T1003
T1003.001
T1003.002
T1003.003
T1005 - Data from Local System
T1006
T1014
T1016
T1016.002
T1021
T1021.001
T1021.002
T1021.004 - SSH
T1025
T1027 - Obfuscated Files or Information
T1027.013
T1030
T1036
T1036.005 - Match Legitimate Name or Location
T1037
T1037.001
T1039
T1040
T1041 - Exfiltration Over C2 Channel
T1048
T1048.002
T1053.003 - Cron
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056
T1056.001
T1056.003 - Web Portal Capture
T1057
T1059
T1059.001 - PowerShell
T1059.003
T1059.007 - JavaScript
T1068
T1069 - Permission Groups Discovery
T1070
T1070.001
T1070.004
T1070.006
T1071
T1071.001 - Web Protocols
T1071.003
T1071.004 - DNS
T1074
T1074.001
T1074.002
T1078 - Valid Accounts
T1078.004
T1082 - System Information Discovery
T1083
T1087.003 - Email Account
T1090 - Proxy
T1090.001
T1090.002
T1090.003
T1091
T1092
T1098 - Account Manipulation
T1098.001 - Additional Cloud Credentials
T1098.002
T1102
T1102.002
T1105 - Ingress Tool Transfer
T1110
T1110.001
T1110.003
T1111 - Two-Factor Authentication Interception
T1113
T1114
T1114.002 - Remote Email Collection
T1114.003 - Email Forwarding Rule
T1119
T1120 - Peripheral Device Discovery
T1133 - External Remote Services
T1134
T1134.001
T1137
T1137.002
T1140 - Deobfuscate/Decode Files or Information
T1185 - Man in the Browser
T1189
T1190 - Exploit Public-Facing Application
T1193
T1199
T1203 - Exploitation for Client Execution
T1204
T1204.001 - Malicious Link
T1204.002
T1210
T1211
T1212 - Exploitation for Credential Access
T1213 - Data from Information Repositories
T1213.002
T1218
T1218.011
T1221
T1498
T1505
T1505.003
T1528 - Steal Application Access Token
T1539 - Steal Web Session Cookie
T1542
T1542.003
T1543.002 - Systemd Service
T1546
T1546.015
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550
T1550.001
T1550.002
T1555.003 - Credentials from Web Browsers
T1557
T1557.004
T1559
T1559.002
T1560
T1560.001
T1561
T1561.001
T1562
T1562.001 - Disable or Modify Tools
T1562.004
T1564
T1564.001 - Hidden Files and Directories
T1564.003
T1566
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1573
T1573.001
T1583
T1583.001 - Domains
T1583.003
T1583.006
T1584
T1584.008
T1586
T1586.002 - Email Accounts
T1588
T1588.002
T1589
T1589.001
T1591
T1595 - Active Scanning
T1595.002
T1596
T1598
T1598.003
T1613 - Container and Resource Discovery
T1669