Curly COMrades


Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ techniques such as Hyper-V abuse for EDR evasion and utilize proxy tools like Resocks, SSH, and Stunnel to gain access to internal networks. Their activities include repeated attempts to extract the NTDS database from domain controllers and establishing covert access through virtualization features on compromised Windows 10 machines.


Associated Families

There are currently no families associated with this actor.


References
2025-11-04  Bitdefender  Adrian Schipor, Martin Zugec, Victor Vrabie
  Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines
  Tagged: Curly COMrades

2025-08-12  Bitdefender  Victor Vrabie
  Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds
  Tagged: RMS, Curly COMrades

Credits: MISP Project