win.beardshell

BEARDSHELL

Actor(s): APT28


According to CERT-UA, BEARDSHELL is a backdoor written in C++. It downloads payloads, decrypts them with ChaCha20-Poly1305 (the AEAD construction; the page's "poly150" is a typo), executes the resulting PowerShell scripts, and uploads the results of the executed commands to its command-and-control server.

References
2025-06-21 · CERT-UA · Cyberattacks UAC-0001 (APT28) in relation to public authorities using BEARDSHELL and COVENANT
Families: BEARDSHELL, SLIMAGENT

There is no Yara-Signature yet.