Gamaredon

GPTKB entity

Statements (34)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | cybercrime |
| gptkbp:activeYearsStart | 2013 |
| gptkbp:alsoKnownAs | gptkb:Primitive_Bear |
| | ACTINIUM |
| gptkbp:associatedWith | gptkb:Russian_Federal_Security_Service_(FSB) |
| gptkbp:attributedTo | widely attributed to Russian state interests |
| gptkbp:countryOfOrigin | gptkb:Russia |
| https://www.w3.org/2000/01/rdf-schema#label | Gamaredon |
| gptkbp:mainLanguage | gptkb:Russian |
| gptkbp:monitors | gptkb:Microsoft |
| | gptkb:CERT-UA |
| | gptkb:ESET |
| | gptkb:Symantec |
| gptkbp:notableEvent | attacks during 2022 Russian invasion of Ukraine |
| | attacks on Ukrainian government in 2019 |
| gptkbp:target | gptkb:Ukraine |
| | government organizations |
| | military organizations |
| | critical infrastructure |
| gptkbp:technique | phishing emails |
| | malicious attachments |
| | living-off-the-land binaries |
| | remote template injection |
| gptkbp:TTPs | frequent infrastructure changes |
| | rapid deployment of new malware variants |
| | use of compromised email accounts |
| | use of legitimate cloud services for C2 |
| gptkbp:usesMalware | PowerShell scripts |
| | Pterodo |
| | custom RATs |
| gptkbp:bfsParent | gptkb:Russian-Ukrainian_cyberwarfare |
| | gptkb:Russian_state-sponsored_hackers |
| | gptkb:Hacker |
| gptkbp:bfsLayer | 7 |