Gamaredon
Essential information
- Confidence: 100/100
- Published: 20/12/2025 20:11
- Modified: 20/12/2025 20:11
- Updated at: 20/12/2025 20:11
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 7 reports, 63 attack patterns (MITRE), 47 malware, 4 sectors, 15 countries, 100 indicators, 5 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (7)
- 18 MITREs, 5 Malwares, 2 Observables, 1 APT
- 19 MITREs, 5 Malwares, 1 Observable, 1 APT
- 2 CVEs, 19 MITREs, 6 Malwares, 4 Observables, 1 APT
- 12 Malwares, 53 Observables, 1 APT
- 8 MITREs, 1 Malware, 1 APT
- 5 MITREs, 2 Malwares, 31 Observables, 1 APT
- 8 MITREs, 23 Malwares, 50 Observables, 1 APT
Attack patterns (MITRE) (63)
- T1070.006 Timestomp (uses)
- T1595 Active Scanning (uses)
- T1573.001 Symmetric Cryptography (uses)
- T1020 Automated Exfiltration (uses)
- T1113 Screen Capture (uses)
- T1219 Remote Access Tools (uses)
- T1059 Command and Scripting Interpreter (uses)
- T1218.010 Regsvr32 (uses)
- T1041 Exfiltration Over C2 Channel (uses)
- T1566 Phishing (uses)
- T1025 Data from Removable Media (uses)
- T1059.005 Visual Basic (uses)
Malware (47)
- PlainGnome (uses; Family)
- PteroPShell (uses; Family)
- GammaWipe (uses; Family)
- PteroSig (uses)
- PteroGram (uses; Family)
- Pteranodon, S0147 (uses; Family)
- PteroDoc (uses; Family)
- PteroTemplate (uses; Family)
- PteroScout (uses; Family)
- PteroBox (uses; Family)
- BoneSpy (uses; Family)
- LitterDrifter (uses)
Sectors (4)
- Chemical (targets)
- Defense (targets)
- Government (targets)
- Defense ministries, including the military (targets)
Countries (15)
- Chile (targets)
- Kazakhstan (targets)
- Hong Kong (targets)
- Germany (targets)
- Uzbekistan (targets)
- Tajikistan (targets)
- Kyrgyzstan (targets)
- Bulgaria (targets)
- Latvia (targets)
- Viet Nam (targets)
- Poland (targets)
- Ukraine (targets)
Indicators (100)
- likeyvhost.ddns.net (indicates)
- arabianos.ru (indicates)
- clap3.vasifgo.ru (indicates)
- 165.22.170.129 (indicates)
- f021b79168daef8a6359b0b14c0002316e9a98dc79f0bf27e59c48032ef21c3d (indicates)
- dfaa47ed20021c4f84bf68820a618f9e8a2e077d36b6d7281e8724b2124c7825 (indicates)
- gurmou.site (indicates)
- aethionemaso.ru (indicates)
- eb8da26034035f08946acb6fc127e3b2db884a024a61aea99397c46aedc70145 (indicates)
- 7c50be91304ee573c2bc8823f67ea4f45a1988ceb73ffe5ebcaccaf59e5c1cce (indicates)
- credomched.ru (indicates)
- sao-yield-are-domestic.trycloudflare.com (indicates; pattern type stix, confidence 100/100, valid until 08/06/2026, source AlienVault)
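The indicator list above is a flat mix of domains, an IPv4 address and SHA-256 hashes with no type information. Below is an added example, not code from this platform or from AlienVault, that classifies each entry, turns it into a STIX 2.1 indicator pattern, marks it TLP:CLEAR as the page does, and flags entries that live under a shared dynamic-DNS or tunnel apex (ddns.net, trycloudflare.com): those must be matched as the full FQDN, because blocking the apex hits every other tenant of that provider. The set of shared apex domains and the valid-from date are assumptions for this example; the indicator values are the twelve visible on the page.

```python
"""Convert the raw indicator list on this page into STIX 2.1 indicator objects.

Added example; not code from the page's platform or from AlienVault.
"""
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# The 12 indicators visible in the list above (the page reports 100 in total).
PAGE_INDICATORS = [
    "likeyvhost.ddns.net",
    "arabianos.ru",
    "clap3.vasifgo.ru",
    "165.22.170.129",
    "f021b79168daef8a6359b0b14c0002316e9a98dc79f0bf27e59c48032ef21c3d",
    "dfaa47ed20021c4f84bf68820a618f9e8a2e077d36b6d7281e8724b2124c7825",
    "gurmou.site",
    "aethionemaso.ru",
    "eb8da26034035f08946acb6fc127e3b2db884a024a61aea99397c46aedc70145",
    "7c50be91304ee573c2bc8823f67ea4f45a1988ceb73ffe5ebcaccaf59e5c1cce",
    "credomched.ru",
    "sao-yield-are-domestic.trycloudflare.com",
]

# Pre-defined TLP:CLEAR marking-definition id from the STIX 2.1 specification (TLP 2.0).
TLP_CLEAR_ID = "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"

# Apex domains whose subdomains are handed out to arbitrary users (dynamic DNS,
# tunnel services). Assumption for this example: only the two providers seen above.
SHARED_APEX = {"ddns.net", "trycloudflare.com"}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def classify(ioc: str) -> str:
    """Return 'sha256', 'ipv4', 'ipv6' or 'domain'; raise ValueError otherwise."""
    value = ioc.strip().lower()
    if SHA256_RE.match(value):
        return "sha256"
    try:
        return "ipv4" if ipaddress.ip_address(value).version == 4 else "ipv6"
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain"
    raise ValueError(f"unrecognised indicator: {ioc!r}")


def is_shared_infrastructure(domain: str) -> bool:
    """True if domain is a subdomain of a shared DDNS/tunnel apex (never the apex itself)."""
    labels = domain.lower().split(".")
    return any(".".join(labels[i:]) in SHARED_APEX for i in range(1, len(labels)))


def stix_pattern(ioc: str) -> str:
    """Build the STIX pattern string for one indicator."""
    kind = classify(ioc)
    value = ioc.strip().lower()
    if kind == "sha256":
        return f"[file:hashes.'SHA-256' = '{value}']"
    if kind == "ipv4":
        return f"[ipv4-addr:value = '{value}']"
    if kind == "ipv6":
        return f"[ipv6-addr:value = '{value}']"
    return f"[domain-name:value = '{value}']"


def page_date_to_iso(day_month_year: str) -> str:
    """Convert the page's DD/MM/YYYY dates to a STIX timestamp (UTC, millisecond precision)."""
    parsed = datetime.strptime(day_month_year, "%d/%m/%Y").replace(tzinfo=timezone.utc)
    return parsed.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_bundle(iocs, valid_from: str, valid_until: str) -> dict:
    """Return a STIX 2.1 bundle of indicators, all marked TLP:CLEAR.

    Indicator ids are uuid5 of the pattern, so re-running on the same list
    yields the same objects instead of duplicates in the receiving platform.
    """
    objects = []
    for ioc in iocs:
        pattern = stix_pattern(ioc)
        obj = {
            "type": "indicator",
            "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid5(uuid.NAMESPACE_URL, pattern)}",
            "created": page_date_to_iso(valid_from),
            "modified": page_date_to_iso(valid_from),
            "name": ioc,
            "pattern": pattern,
            "pattern_type": "stix",
            "valid_from": page_date_to_iso(valid_from),
            "valid_until": page_date_to_iso(valid_until),
            "indicator_types": ["malicious-activity"],
            "object_marking_refs": [TLP_CLEAR_ID],
        }
        if classify(ioc) == "domain" and is_shared_infrastructure(ioc):
            obj["labels"] = ["shared-infrastructure"]  # match the full FQDN only
        objects.append(obj)
    bundle_id = f"bundle--{uuid.uuid5(uuid.NAMESPACE_URL, 'gamaredon-page-indicators')}"
    return {"type": "bundle", "id": bundle_id, "objects": objects}


if __name__ == "__main__":
    # Published date of this page as valid_from; valid_until as shown on the last entry.
    print(json.dumps(build_bundle(PAGE_INDICATORS, "20/12/2025", "08/06/2026"), indent=2))
```

The `shared-infrastructure` label is the practical caveat: the trycloudflare.com and ddns.net hosts are only meaningful as exact hostnames, and any detection content generated from this list should not be allowed to collapse them into apex-domain blocks.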
Vulnerabilities (CVE) (5)
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …
- Attack vector: Network
- Published: 12/06/2024
- Modified: 21/12/2025
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published: 27/06/2022
- Modified: 20/12/2025
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector: Local
- Complexity: Low
- Published: 12/04/2017
- Modified: 22/04/2026
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
- Published: 15/02/2022
- Modified: 02/06/2026
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …
- Attack vector: Network
- Published: 12/08/2025
- Modified: 27/05/2026