Common Information
Type | Value |
---|---|
Value | Winterflounder |
Category | Actor |
Type | Threat-Actor |
Misp Type | Cluster |
Description | Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-17 | 3 | Microsoft: Cybercrime is blending with nation-state action | #cybercrime | #infosec | National Cyber Security Consulting | ||
Details | Website | 2024-10-16 | 3 | Microsoft: Nation-state activity blurring with cybercrime | #cybercrime | #infosec | National Cyber Security Consulting | ||
Details | Website | 2024-10-15 | 11 | Gamaredon APT - Shortcut to Espionage | ||
Details | Website | 2024-10-15 | 1 | Microsoft Says Kremlin Is Working With Cybercriminals To Spy On Ukraine | #cybercrime | #infosec | National Cyber Security Consulting | ||
Details | Website | 2024-10-08 | 6 | Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday | ||
Details | Website | 2024-10-08 | 6 | Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting | ||
Details | Website | 2024-09-26 | 4 | Gamaredon Attack Detection: Cyber-Espionage Operations Against Ukraine by the russia-linked APT - SOC Prime | ||
Details | Website | 2024-09-19 | 175 | Gamaredon APT IOCs - VI - SEC-1275-1 | ||
Details | Website | 2024-09-16 | 3 | Gamaredon APT IOCs - V - SEC-1275-1 | ||
Details | Website | 2024-09-07 | 18 | 'From Russia with a 71': Uncovering Gamaredon's fast flux infrastructure. New apex domains and ASN/IP diversity patterns discovered. — Silent Push Threat Intelligence | ||
Details | Website | 2024-09-06 | 4 | Gamaredon APT Launches Spear-Phishing Campaign Targeting Ukrainian Military | ||
Details | Website | 2024-09-06 | 147 | Gamaredon’s Spear-Phishing Assault On Ukraine’s Military - Cyble | ||
Details | Website | 2024-08-13 | 74 | Early Analysis of the Twilio phishing attack — Silent Push Threat Intelligence | ||
Details | Website | 2024-05-29 | 28 | Tracking Threat Actors Using Images and Artifacts | ||
Details | Website | 2024-03-30 | 149 | Tracking Gamaredon Infrastructure With Passive DNS Records and Subdomain Analysis | ||
Details | Website | 2024-03-06 | 12 | Tracking Adversaries: UAC-0050, Cracking The DaVinci Code | ||
Details | Website | 2024-02-07 | 10 | Avast Q4/2023 Threat Report - Avast Threat Labs | ||
Details | Website | 2024-02-05 | 4 | Risky Biz News: Two Iranian cyber groups get doxed in a week | ||
Details | Website | 2023-11-20 | 1 | Novel LitterDrifter USB worm leveraged by Gamaredon for cyberespionage | ||
Details | Website | 2023-11-20 | 1 | Risky Biz News: DIALStranger vulnerabilities disclosed after four years | ||
Details | Website | 2023-11-20 | 0 | Russia's LitterDrifter USB Worm Spreads Beyond Ukraine | ||
Details | Website | 2023-11-20 | 1 | Gamaredon's LittleDrifter USB malware spreads beyond Ukraine | ||
Details | Website | 2023-11-19 | 117 | LitterDrifter: a new USB worm used by the Gamaredon group | ||
Details | Website | 2023-11-18 | 4 | Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks | ||
Details | Website | 2023-11-18 | 4 | Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks |