{ "type": "bundle", "id": "bundle--cc7a50d7-2256-44dc-8b5c-52a3e9f08de7", "spec_version": "2.0", "objects": [ { "modified": "2023-03-22T04:29:39.915Z", "name": "Gamaredon Group", "description": "[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) comes from a misspelling of the word \"Armageddon\", which was detected in the adversary's early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)\n\nIn November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia's Federal Security Service (FSB) Center 18.(Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)", "aliases": [ "Gamaredon Group", "IRON TILDEN", "Primitive Bear", "ACTINIUM", "Armageddon", "Shuckworm", "DEV-0157" ], "x_mitre_deprecated": false, "x_mitre_version": "2.1", "x_mitre_contributors": [ "ESET", "Trend Micro Incorporated" ], "type": "intrusion-set", "id": "intrusion-set--2e290bfe-93b5-48ce-97d6-edcd6d32b7cf", "created": "2017-05-31T21:32:09.849Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/groups/G0047", "external_id": "G0047" }, { "source_name": "ACTINIUM", "description": "(Citation: Microsoft Actinium February 2022)" }, { "source_name": "DEV-0157", "description": "(Citation: Microsoft Actinium February 2022)" }, { "source_name": "Gamaredon Group", "description": "(Citation: Palo Alto Gamaredon Feb 2017)" }, { "source_name": "IRON TILDEN", "description": "(Citation: Secureworks IRON TILDEN Profile)" }, { "source_name": "Armageddon", "description": "(Citation: Symantec Shuckworm January 2022)" }, { "source_name": "Shuckworm", "description": "(Citation: Symantec Shuckworm January 2022)" }, { "source_name": "Primitive Bear", "description": "(Citation: Unit 42 Gamaredon February 2022)" }, { "source_name": "ESET Gamaredon June 2020", "description": "Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.", "url": "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/" }, { "source_name": "TrendMicro Gamaredon April 2020", "description": "Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020.", "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/" }, { "source_name": "Palo Alto Gamaredon Feb 2017", "description": "Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.", "url": "https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/" }, { "source_name": "Microsoft Actinium February 2022", "description": "Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.", "url": "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/" }, { "source_name": "Secureworks IRON TILDEN Profile", "description": "Secureworks CTU. (n.d.). IRON TILDEN. Retrieved February 24, 2022.", "url": "https://www.secureworks.com/research/threat-profiles/iron-tilden" }, { "source_name": "Symantec Shuckworm January 2022", "description": "Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.", "url": "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine" }, { "source_name": "Bleepingcomputer Gamardeon FSB November 2021", "description": "Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. Retrieved April 15, 2022.", "url": "https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/" }, { "source_name": "Unit 42 Gamaredon February 2022", "description": "Unit 42. (2022, February 3). Russia\u2019s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.", "url": "https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }