| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.
| 2025-04-16
⋅
HarfangLab
⋅
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure Pteranodon |
| 2024-12-11
⋅
Lookout
⋅
Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT BoneSpy DroidWatcher PlainGnome |
| 2024-11-22
⋅
cocomelonc
⋅
Linux malware development 3: linux process injection with ptrace. Simple C example. EvilGnome HiddenWasp Turla RAT |
| 2023-11-17
⋅
Check Point Software Technologies Ltd
⋅
Malware Spotlight – Into the Trash: Analyzing LitterDrifter LitterDrifter |
| 2023-08-28
⋅
Gamaredon Activity amid Ukraine's Counteroffensive Pteranodon |
| 2023-06-15
⋅
Symantec
⋅
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine Pteranodon |
| 2023-03-20
⋅
ThreatMon
⋅
Cybergun: Technical Analysis of the Armageddon's Infostealer Pteranodon |
| 2023-03-13
⋅
ThreatMon
⋅
Beyond Bullets and Bombs: An Examination of Armageddon Group’s Cyber Warfare Against Ukraine Unidentified 003 (Gamaredon Downloader) Unidentified VBS 005 (Telegram Loader) Unidentified VBS 006 (Telegram Loader) Pteranodon |
| 2023-01-19
⋅
Blackberry
⋅
Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations Unidentified VBS 006 (Telegram Loader) |
| 2022-11-21
⋅
Blackberry
⋅
Gamaredon Leverages Microsoft Office Docs to Target Ukraine Government and Military Pteranodon |
| 2022-08-10
⋅
⋅
Cert-UA
⋅
Cyberattacks of the UAC-0010 group (Armageddon): malicious programs GammaLoad, GammaSteel (CERT-UA#5134) Gamaredon Group |
| 2022-07-26
⋅
⋅
Cert-UA
⋅
UAC-0010 (Armageddon) cyberattacks using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071) Gamaredon Group |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Trident Ursa Gamaredon Group |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Trident Ursa Gamaredon Group |
| 2022-05-24
⋅
ThreatStop
⋅
Gamaredon Group: Understanding the Russian APT Unidentified 003 (Gamaredon Downloader) Pteranodon |
| 2022-05-12
⋅
⋅
Cert-UA
⋅
Uac-0010 (Armageddon) cyberattacks using GammaLoad.PS1_v2 malware (CERT-UA#4634,4648) Gamaredon Group |
| 2022-05-12
⋅
Cisco
⋅
Network Footprints of Gamaredon Group Pteranodon |
| 2022-04-20
⋅
Symantec
⋅
Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine Pteranodon |
| 2022-04-07
⋅
⋅
Cert-UA
⋅
Cyber attack of the UAC-0010 group (Armageddon) on the state organizations of Ukraine (CERT-UA#4434) Gamaredon Group |
| 2022-04-04
⋅
⋅
Cert-UA
⋅
Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine (CERT-UA # 4378) Gamaredon Group |
| 2022-04-04
⋅
⋅
Cert-UA
⋅
Cyber attack by the UAC-0010 group (Armageddon) on state institutions of the European Union countries (CERT-UA#4334) Gamaredon Group |
| 2022-02-04
⋅
Microsoft
⋅
ACTINIUM targets Ukrainian organizations Pteranodon Gamaredon Group |
| 2022-02-04
⋅
Microsoft
⋅
ACTINIUM targets Ukrainian organizations DilongTrash DinoTrain Pteranodon QuietSieve Gamaredon Group |
| 2022-02-03
⋅
Palo Alto Networks Unit 42
⋅
Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine Pteranodon Gamaredon Group |
| 2022-02-03
⋅
Palo Alto Networks Unit 42
⋅
Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (Updated June 22) Pteranodon Gamaredon Group |
| 2022-02-01
⋅
⋅
Cert-UA
⋅
Cyber attack of the UAC-0010 group (Armageddon) on the state organizations of Ukraine (CERT-UA#3787) Gamaredon Group |
| 2022-01-31
⋅
Symantec
⋅
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine Pteranodon Gamaredon Group |
| 2022-01-31
⋅
Bleeping Computer
⋅
Russian 'Gamaredon' hackers use 8 new malware payloads in attacks Pteranodon |
| 2021-11-04
⋅
Security Service of Ukraine
⋅
Gamaredon / Armageddon Group: FSB RF Cyber attacks against Ukraine EvilGnome Pteranodon RMS |
| 2021-03-03
⋅
⋅
Cert-UA
⋅
Renewal of cyber attacks using the Pterodo hacker group Armageddon/Gamaredon Pteranodon |
| 2021-01-18
⋅
aaqeel01
⋅
Docx Files Template-Injection Unidentified 003 (Gamaredon Downloader) |
| 2020-06-18
⋅
ESET Research
⋅
Digging up InvisiMole’s hidden arsenal InvisiMole Gamaredon Group InvisiMole |
| 2020-06-18
⋅
ESET Research
⋅
Digging up InvisiMole’s hidden arsenal RC2FM Gamaredon Group |
| 2020-06-16
⋅
Intezer
⋅
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought Cloud Snooper Dacls EvilGnome HiddenWasp MESSAGETAP NOTROBIN QNAPCrypt Winnti |
| 2020-06-11
⋅
ESET Research
⋅
Gamaredon group grows its game Gamaredon Group |
| 2020-06-11
⋅
ESET Research
⋅
Gamaredon group grows its game Pteranodon Gamaredon Group |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-02-17
⋅
Yoroi
⋅
Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign Pteranodon |
| 2020-02-13
⋅
Elastic
⋅
Playing defense against Gamaredon Group Pteranodon |
| 2020-02-05
⋅
SentinelOne
⋅
Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting Pteranodon |
| 2019-12-11
⋅
Recorded Future
⋅
Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs Gamaredon Group |
| 2019-09-10
⋅
Github (StrangerealIntel)
⋅
Gamaredon Analysis Gamaredon Group |
| 2019-07-17
⋅
Intezer
⋅
EvilGnome: Rare Malware Spying on Linux Desktop Users EvilGnome |
| 2019-02-07
⋅
ThreatStop
⋅
An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group Pteranodon |
| 2019-01-07
⋅
Let's Learn: Deeper Dive into Gamaredon Group Pteranodon Implant Version '_512' Pteranodon |
| 2019-01-01
⋅
MITRE
⋅
Group description: Gamaredon Group Gamaredon Group |
| 2018-11-15
⋅
⋅
Cert-UA
⋅
Виявлена підготовка до проведення кібератаки з використанням ШПЗ типу Pterodo Pteranodon |
| 2018-09-03
⋅
⋅
Cert-UA
⋅
Bulk mailing of spyware like Pterodo Pteranodon |
| 2018-03-09
⋅
Cert-UA
⋅
Mass mailing of Pterodo-type spyware Pteranodon |
| 2017-05-31
⋅
MITRE
⋅
Gamaredon Group Pteranodon Gamaredon Group |
| 2017-02-27
⋅
Palo Alto Networks Unit 42
⋅
The Gamaredon Group Toolset Evolution Gamaredon Group |
| 2017-02-27
⋅
Palo Alto Networks Unit 42
⋅
The Gamaredon Group Toolset Evolution Pteranodon |
| 2017-02-27
⋅
Palo Alto Networks Unit 42
⋅
The Gamaredon Group Toolset Evolution Pteranodon RMS Gamaredon Group |
| 2017-02-27
⋅
Palo Alto Networks Unit 42
⋅
The Gamaredon Group Toolset Evolution Gamaredon Group |
| 2016-06-25
⋅
NSHC
⋅
SectorC08: Multi-Layered SFX in Recent Campaigns Target Ukraine Pteranodon |
| 2015-04-28
⋅
LookingGlass
⋅
Operation Armageddon: Cyber Espionage as a Strategic Component of Russian Modern Warfare Gamaredon Group |