← Back to Actors
Gamaredon Group
Gamaredon GroupIRON TILDENPrimitive BearACTINIUMArmageddonShuckwormDEV-0157Aqua BlizzardNastyShrew
[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) derives from a misspelling of the word "Armageddon," found in early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022) In November...
71
Techniques
68
Covered
3
Gaps
96%
Coverage
Coverage68/71
COVERED (68)
T1001Data Obfuscation2 det.T1005Data from Local System47 det.T1012Query Registry25 det.T1016.001Internet Connection Discovery6 det.T1020Automated Exfiltration20 det.T1021.005VNC2 det.T1025Data from Removable Media3 det.T1027Obfuscated Files or Information606 det.T1027.004Compile After Delivery10 det.T1027.010Command Obfuscation38 det.T1027.012LNK Icon Smuggling1 det.T1027.015Compression2 det.T1033System Owner/User Discovery61 det.T1036.005Match Legitimate Resource Name or Location45 det.T1039Data from Network Shared Drive6 det.T1041Exfiltration Over C2 Channel32 det.T1047Windows Management Instrumentation88 det.T1053.005Scheduled Task100 det.T1055Process Injection81 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.005Visual Basic69 det.T1070.004File Deletion43 det.T1071.001Web Protocols81 det.T1080Taint Shared Content2 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1090Proxy48 det.T1090.003Multi-hop Proxy9 det.T1091Replication Through Removable Media8 det.T1095Non-Application Layer Protocol24 det.T1102Web Service35 det.T1102.002Bidirectional Communication16 det.T1102.003One-Way Communication4 det.T1105Ingress Tool Transfer184 det.T1106Native API29 det.T1112Modify Registry203 det.T1113Screen Capture18 det.T1119Automated Collection12 det.T1120Peripheral Device Discovery4 det.T1137Office Application Startup18 det.T1140Deobfuscate/Decode Files or Information58 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1218.005Mshta49 det.T1218.011Rundll3275 det.T1221Template Injection1 det.T1480Execution Guardrails1 det.T1491.001Internal Defacement4 det.T1497.001System Checks6 det.T1518.001Security Software Discovery10 det.T1534Internal Spearphishing234 det.T1547.001Registry Run Keys / Startup Folder53 det.T1559.001Component Object Model17 det.T1561.001Disk Content Wipe2 det.T1562.001Disable or Modify Tools316 det.T1564.003Hidden Window11 det.T1566.001Spearphishing Attachment979 det.T1568Dynamic Resolution11 det.T1571Non-Standard Port17 det.T1583.001Domains62 det.T1583.006Web Services1 det.T1587.003Digital Certificates1 det.T1588.002Tool13 det.T1608.001Upload Malware3 det.T1620Reflective Code Loading15 det.T1685Disable or Modify Tools279 det.