🇷🇺
The Shadow Brokers
APT Group
27 zero-day CVEs
ETDA ✓
Also Known As 3 names
Shadow Brokers
ShadowBrokers
TSB
Target Countries 12
Belgium
Brazil
Switzerland
Egypt
France
United Kingdom
India
Pakistan
Russian Federation
Ukraine
United States
Yemen
Sectors Targeted
481 - Air Transportation
52 - Finance and Insurance
541512 - Computer Systems Design Services
51112 - Periodical Publishers
54133 - Engineering Services
5417 - Scientific Research and Development Services
92 - Public Administration
54151 - Computer Systems Design and Related Services
8131 - Religious Organizations
48851 - Freight Transportation Arrangement
622 - Hospitals
51821 - Data Processing, Hosting, and Related Services
51913 - Internet Publishing and Broadcasting and Web Search Portals
23 - Construction
56131 - Employment Placement Agencies and Executive Search Services
484 - Truck Transportation
51211 - Motion Picture and Video Production
928110 - National Security and International Affairs
Details
Origin
🇷🇺 RU
Last Updated
01 Jun 2022
MITRE ATT&CK 57
T1003
T1014 - Rootkit
T1018
T1020
T1021.001 - Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1045 - Software Packing
T1047 - Windows Management Instrumentation
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1053 - Scheduled Task/Job
T1054 - Indicator Blocking
T1055
T1059
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1074 - Data Staged
T1078
T1078.003
T1082
T1083
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1105 - Ingress Tool Transfer
T1133
T1134.002 - Create Process with Token
T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise
T1190
T1204.002 - Malicious File
T1210
T1219
T1408 - Disguise Root/Jailbreak Indicators
T1486 - Data Encrypted for Impact
T1491.001
T1547
T1547.001 - Registry Run Keys / Startup Folder
T1560
T1561.001 - Disk Content Wipe
T1564.002
T1564.006
T1566 - Phishing
T1567.002 - Exfiltration to Cloud Storage
T1571 - Non-Standard Port
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.012 - COR_PROFILER
T1583.005 - Botnet
T1587.001 - Malware
T1608.001 - Upload Malware
TA0002 - Execution
TA0003 - Persistence
TA0011 - Command and Control
TA0037 - Command and Control
Related Zero-Days 27
CVE-2014-1776
CVE-2017-0005
CVE-2017-0143
CVE-2017-0145
CVE-2017-0146
CVE-2017-0147
CVE-2019-0703
CVE-2019-0803
CVE-2023-28252
CVE-2023-4966
CVE-2024-21338
CVE-2024-38193
CVE-2024-50302
CVE-2024-53104
CVE-2024-53197
CVE-2024-55591
CVE-2025-22224
CVE-2025-22225
CVE-2025-22226
CVE-2025-29824
CVE-2025-4427
CVE-2025-4428
CVE-2025-49704
CVE-2025-53770
CVE-2025-53771
CVE-2025-59230
CVE-2025-61882