Gamaredon Group

OriginRússia

Techniques (MITRE ATT&CK)70

SourceMITRE ATT&CK

Also known as:IRON TILDENPrimitive BearACTINIUMArmageddonShuckwormDEV-0157Aqua BlizzardNastyShrew

Vexday analysis

Gamaredon Group é um grupo suspeito de espionagem cibernética de origem russa que atua contra organizações militares, de segurança pública, do judiciário, sem fins lucrativos e não governamentais na Ucrânia desde pelo menos 2013. Em novembro de 2021, o governo ucraniano atribuiu publicamente o grupo ao Centro 18 do Serviço Federal de Segurança da Rússia (FSB), avaliação posteriormente corroborada por múltiplos pesquisadores independentes de segurança. Registrado no MITRE ATT&CK como G0047, o grupo é rastreado sob os aliases IRON TILDEN, Primitive Bear, ACTINIUM, Armageddon, Shuckworm e DEV-0157, com 70 técnicas documentadas na base de conhecimento.

Techniques (MITRE ATT&CK) 70

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Domains Virtual Private Server Web Services Digital Certificates Tool Upload Malware

Initial access

Spearphishing Attachment

Execution

Windows Management Instrumentation Scheduled Task PowerShell Windows Command Shell Visual Basic Native API Malicious Link Malicious File Component Object Model

Persistence

Office Application Startup Registry Run Keys / Startup Folder

Discovery

Query Registry Internet Connection Discovery System Owner/User Discovery Process Discovery System Information Discovery File and Directory Discovery Peripheral Device Discovery Security Software Discovery

Lateral movement

VNC Taint Shared Content Replication Through Removable Media Internal Spearphishing

Collection

Data from Local System Data from Removable Media Data from Network Shared Drive Screen Capture Automated Collection

Command and control

Data Obfuscation Web Protocols Proxy Multi-hop Proxy Non-Application Layer Protocol Web Service Bidirectional Communication One-Way Communication Ingress Tool Transfer Dynamic Resolution Fast Flux DNS Non-Standard Port

Exfiltration

Automated Exfiltration Exfiltration Over C2 Channel

Impact

Internal Defacement Disk Content Wipe

defense-impairment

Modify Registry Disable or Modify Tools

stealth

Obfuscated Files or Information Compile After Delivery Command Obfuscation LNK Icon Smuggling Compression Junk Code Insertion Match Legitimate Resource Name or Location Process Injection File Deletion Deobfuscate/Decode Files or Information Mshta Rundll32 Template Injection Execution Guardrails System Checks Hidden Window Reflective Code Loading

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Gamaredon Group uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →