First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. Originally, this malware variant targeted Brazilian users, but Astaroth now targets users both in No…
Astaroth (Malware Family) Please enable JavaScript to use all features of this site. InventoryStatisticsUsageApiVectorLoginSYMBOLCOMMON_NAMEaka. SYNONYMSwin.astaroth (Back to overview) Astaroth Propose Change aka: Guildma First spotted in the wild in 2017, Astaroth is a highly prevalent, information-stealing Latin American banking trojan. It is written in Delphi and has some innovative execution and attack techniques. Originally, this malware variant targeted Brazilian users, but Astaroth now targets users both in North America and Europe. References 2022-08-19 ⋅ SANS ISC ⋅ Brad Duncan@online{duncan:20220819:brazil:ba12b0c, author = {Brad Duncan}, title = {{Brazil malspam pushes Astaroth (Guildma) malware}}, date = {2022-08-19}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962}, language = {English}, urldate = {2022-08-28} } Brazil malspam pushes Astaroth (Guildma) malware Astaroth2022-01-17 ⋅ Github (pan-unit42) ⋅ Brad Duncan@online{duncan:20220117:iocs:2a5e814, author = {Brad Duncan}, title = {{IOCs for Astaroth/Guildma malware infection}}, date = {2022-01-17}, organization = {Github (pan-unit42)}, url = {https://github.com/pan-unit42/tweets/blob/master/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt}, language = {English}, urldate = {2022-01-25} } IOCs for Astaroth/Guildma malware infection Astaroth2021-11-17 ⋅ ARMOR ⋅ Amer Elsad@online{elsad:20211117:astaroth:04788ff, author = {Amer Elsad}, title = {{Astaroth: Banking Trojan}}, date = {2021-11-17}, organization = {ARMOR}, url = {https://www.armor.com/resources/threat-intelligence/astaroth-banking-trojan/}, language = {English}, urldate = {2021-12-01} } Astaroth: Banking Trojan Astaroth2021-03-21 ⋅ Blackberry ⋅ Blackberry Research@techreport{research:20210321:2021:a393473, author = {Blackberry Research}, title = {{2021 Threat Report}}, date = {2021-03-21}, institution = {Blackberry}, url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf}, language = {English}, urldate = {2021-03-25} } 2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW@online{munshaw:20201221:2020:4a88f84, author = {JON MUNSHAW}, title = {{2020: The year in malware}}, date = {2020-12-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html}, language = {English}, urldate = {2020-12-26} } 2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader2020-07-14 ⋅ Kaspersky Labs ⋅ GReAT@online{great:20200714:tetrade:c97f76a, author = {GReAT}, title = {{The Tetrade: Brazilian banking malware goes global}}, date = {2020-07-14}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-tetrade-brazilian-banking-malware/97779/}, language = {English}, urldate = {2020-07-15} } The Tetrade: Brazilian banking malware goes global Astaroth Grandoreiro Melcoz2020-07-03 ⋅ F-Secure Labs ⋅ Anartz Martin@online{martin:20200703:attack:1454a0d, author = {Anartz Martin}, title = {{Attack Detection Fundamentals: Code Execution and Persistence - Lab #1}}, date = {2020-07-03}, organization = {F-Secure Labs}, url = {https://labs.f-secure.com/blog/attack-detection-fundamentals-code-execution-and-persistence-lab-1/}, language = {English}, urldate = {2020-09-21} } Attack Detection Fundamentals: Code Execution and Persistence - Lab #1 Astaroth2020-05-31 ⋅ InfoSec Handlers Diary Blog ⋅ Renato Marinho@online{marinho:20200531:guildma:0cad27c, author = {Renato Marinho}, title = {{Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses}}, date = {2020-05-31}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/27482}, language = {English}, urldate = {2021-06-09} } Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses Astaroth2020-05-11 ⋅ Cisco Talos ⋅ Nick Biasini, Edmund Brumaghin, Nick Lister@online{biasini:20200511:astaroth:f325070, author = {Nick Biasini and Edmund Brumaghin and Nick Lister}, title = {{Astaroth - Maze of obfuscation and evasion reveals dark stealer}}, date = {2020-05-11}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/05/astaroth-analysis.html}, language = {English}, urldate = {2020-05-11} } Astaroth - Maze of obfuscation and evasion reveals dark stealer Astaroth2020-03-23 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team@online{team:20200323:latest:c58e3ed, author = {Microsoft Defender ATP Research Team}, title = {{Latest Astaroth living-off-the-land attacks are even more invisible but not less observable}}, date = {2020-03-23}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/}, language = {English}, urldate = {2020-03-26} } Latest Astaroth living-off-the-land attacks are even more invisible but not less observable Astaroth2020-03-05 ⋅ ESET Research ⋅ ESET Research@online{research:20200305:guildma:a339bd6, author = {ESET Research}, title = {{Guildma: The Devil drives electric}}, date = {2020-03-05}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/03/05/guildma-devil-drives-electric/}, language = {English}, urldate = {2020-03-09} } Guildma: The Devil drives electric Astaroth2019-12-06 ⋅ Botconf ⋅ Juraj Horňák, Jakub Souček@techreport{hork:20191206:demystifying:1285ddd, author = {Juraj Horňák and Jakub Souček}, title = {{Demystifying banking trojans from Latin America}}, date = {2019-12-06}, institution = {Botconf}, url = {https://www.botconf.eu/wp-content/uploads/2019/12/B2019-Soucek-Hornak-DemystifyingBankingTrojansFromLatinAmerica.pdf}, language = {English}, urldate = {2020-05-05} } Demystifying banking trojans from Latin America Astaroth Metamorfo2019-07-08 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team@online{team:20190708:dismantling:7570b60, author = {Microsoft Defender ATP Research Team}, title = {{Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack}}, date = {2019-07-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/}, language = {English}, urldate = {2019-12-02} } Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack Astaroth2019-04-25 ⋅ AppGate ⋅ Edgar Felipe Duarte Porras@online{porras:20190425:meet:75dbab7, author = {Edgar Felipe Duarte Porras}, title = {{Meet Lucifer: A New International Trojan}}, date = {2019-04-25}, organization = {AppGate}, url = {https://blog.easysol.net/meet-lucifer-international-trojan/}, language = {English}, urldate = {2020-01-07} } Meet Lucifer: A New International Trojan Astaroth2019-02-13 ⋅ Cybereason ⋅ Eli Salem@online{salem:20190213:astaroth:ed892f0, author = {Eli Salem}, title = {{Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data}}, date = {2019-02-13}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research}, language = {English}, urldate = {2020-01-09} } Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data Astaroth There is no Yara-Signature yet. Propose Change for win.astaroth×In which category would you like to suggest a change?Please select a categoryActorsNamingDescriptionReferencesOtherWhat would you like to do?Please select an optionSuggest an aliasChange the common nameNew Alias for win.astarothPlease enter a new alias that you think is appropriate for Astaroth. Give a reference for the alias in the box below.New Name for win.astarothPlease enter your proposal for a new primary family name that you think is more appropriate than win.astaroth.New Common Name for win.astarothPlease enter your proposal for a new primary family name that you think is more appropriate than Astaroth.What would you like to do?Please select an optionChange the existing descriptionAdd DescriptionThe Family description will be visible on the family details site.Change DescriptionChange the existing description like you think it would be advisable. If your designated proposal does not fit in any other category, feel free to write a free-text in the comment field below. Please propose all changes regarding references on the Malpedia library pageWhat would you like to do?Please select an optionAdd new actorNew Actor for win.astaroth Stealth Mango and Tangelo 1937CNALLANITE (Palmetto Fusion, Allanite)ANDROMEDA SPIDERANTHROPOID SPIDER (Empire Monkey, CobaltGoblin)APT-C-12 (Sapphire Mushroom, Blue Mushroom, NuclearCrisis)APT-C-27 (GoldMouse, Golden RAT, ATK80)APT-C-34 (Golden Falcon)APT-C-36 (Blind Eagle)APT-C-60 (APT-Q-12)APT.3102APT1 (COMMENT PANDA, PLA Unit 61398, Comment Crew, Byzantine Candor, Group 3, TG-8223, Comment Group, Brown Fox, GIF89a, ShadyRAT, G0006)APT10 (STONE PANDAD, Menupass Team, happyyongzi, POTASSIUM, Red Apollo, CVNX, HOGFISH, Cloud Hopper, BRONZE RIVERSIDE, ATK41, G0045, Granite Taurus)APT12 (NUMBERED PANDA, TG-2754, BeeBus, Group 22, DynCalc, Calc Team, DNSCalc, Crimson Iron, IXESHE, BRONZE GLOBE)APT14 (ANCHOR PANDA, QAZTeam, ALUMINUM)APT15 (VIXEN PANDA, Ke3Chang, Playful Dragon, Metushy, Lurid, Social Network Team, Royal APT, BRONZE PALACE, BRONZE DAVENPORT, BRONZE IDLEWOOD, NICKEL, G0004, Red Vulture)APT16 (SVCMONDR, G0023)APT17 (Group 8, AURORA PANDA, Hidden Lynx, Tailgater Team, Dogfish, BRONZE KEYSTONE, G0025, Group 72, G0001, Axiom, HELIUM)APT18 (DYNAMITE PANDA, TG-0416, SCANDIUM, PLA Navy, Wekby, G0026)APT19 (DEEP PANDA, Codoso, WebMasters, KungFu Kittens, Black Vine, TEMP.Avengers, Group 13, PinkPanther, Shell Crew, BRONZE FIRESTONE, G0009, G0073, Pupa, Sunshop Group)APT2 (PLA Unit 61486, PUTTER PANDA, MSUpdater, 4HCrew, SULPHUR, SearchFire, TG-6952, G0024)APT20 (VIOLIN PANDA, TH3Bug, Crawling Taurus)APT21 (HAMMER PANDA, TEMP.Zhenbao, NetTraveler)APT22 (G0039, Suckfly, BRONZE OLIVE, Group 46)APT23 (PIRATE PANDA, KeyBoy, Tropic Trooper, BRONZE HOBART, G0081, Red Orthrus)APT24 (PITTY PANDA, G0011, Temp.Pittytiger)APT26 (Hippo Team, JerseyMikes, TURBINE PANDA, BRONZE EXPRESS, TECHNETIUM)APT27 (GreedyTaotie, TG-3390, EMISSARY PANDA, TEMP.Hippo, Red Phoenix, Budworm, Group 35, ZipToken, Iron Tiger, BRONZE UNION, Lucky Mouse, G0027, Iron Taurus, Earth Smilodon)APT28 (Pawn Storm, FANCY BEAR, Sednit, SNAKEMACKEREL, Tsar Team, TG-4127, STRONTIUM, Swallowtail, IRON TWILIGHT, Group 74, SIG40, Grizzly Steppe, G0007, ATK5, Fighting Ursa, ITG05, Blue Athena, TA422, T-APT-12, APT-C-20, UAC-0028, FROZENLAKE, Sofacy)APT29 (Group 100, COZY BEAR, The Dukes, Minidionis, SeaDuke, YTTRIUM, IRON HEMLOCK, Grizzly Steppe, G0016, ATK7, Cloaked Ursa, TA421, Blue Kitsune, ITG11, BlueBravo)APT3 (GOTHIC PANDA, TG-0110, Group 6, UPS, Buckeye, Boyusec, BORON, BRONZE MAYFAIR, Red Sylvan)APT30 (G0013)APT31 (ZIRCONIUM, JUDGMENT PANDA, BRONZE VINEWOOD, Red keres)APT32 (OceanLotus Group, Ocean Lotus, OceanLotus, Cobalt Kitty, APT-C-00, SeaLotus, Sea Lotus, APT-32, APT 32, Ocean Buffalo, POND LOACH, TIN WOODLAWN, BISMUTH, ATK17, G0050)APT33 (APT 33, Elfin, MAGNALLIUM, Refined Kitten, HOLMIUM, COBALT TRINITY, G0064, ATK35)APT35 (Newscaster Team, Magic Hound, G0059, Phosphorus, Mint Sandstorm, TunnelVision, COBALT MIRAGE)APT37 (APT 37, Group 123, Group123, InkySquid, Operation Daybreak, Operation Erebus, Reaper Group, Reaper, Red Eyes, Ricochet Chollima, ScarCruft, Venus 121, ATK4, G0067, Moldy Pisces)APT39 (Chafer, REMIX KITTEN, COBALT HICKMAN, G0087, Radio Serpens)APT4 (PLA Navy, MAVERICK PANDA, BRONZE EDISON, Sykipot)APT40 (TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK, GADOLINIUM, KRYPTONITE PANDA, G0065, ATK29, TA423, Red Ladon, ITG09, MUDCARP, ISLANDDREAMS)APT41 (G0096, TA415, Blackfly, Grayfly, LEAD, BARIUM, WICKED SPIDER, WICKED PANDA, BRONZE ATLAS, BRONZE EXPORT, Red Kelpie, G0044, Earth Baku, Amoeba, HOODOO, Brass Typhoon)APT42 (UNC788)APT43APT5 (KEYHOLE PANDA, MANGANESE, BRONZE FLEETWOOD, TEMP.Bottle)APT6 (1.php Group)APT9 (NIGHTSHADE PANDA, Red Pegasus, Group 27)Altahrea TeamAnonymous SudanAntlionAoqin Dragon (UNC94)AridViper (Desert Falcon, Arid Viper, APT-C-23)Aslan Neferler Tim (Lion Soldiers Team, Phantom Turk)AtlasCrossAttorAvivoreAyyıldız Tim (Crescent and Star)BAMBOO SPIDERBIG PANDABITWISE SPIDERBOSON SPIDERBOSS SPIDER (GOLD LOWELL)BRONZE EDGEWOOD (Red Hariasa)BRONZE HIGHLAND (Evasive Panda, Daggerfly)BRONZE SPIRALBRONZE SPRING (UNC302)BRONZE STARLIGHT (SLIME34, DEV-0401)BRONZE VAPORBackdoorDiplomacy (BackDip, CloudComputating, Quarian)BadRoryBahamutBazarCall (BazzarCall, BazaCall)Beijing Group (SNEAKY PANDA, Elderwood, Elderwood Gang, SIG22, G0066)BelialDemon (Matanbuchus)BlackOasis (G0063)BlackTech (CIRCUIT PANDA, Temp.Overboard, HUAPI, Palmerworm, G0098, T-APT-03, Manga Taurus, Red Djinn)Blackgear (Topgear, Comnie, BLACKGEAR)BladeHawkBlue Termite (Cloudy Omega, Emdivi)BlueBottleBoulder BearBudminer (Budminer cyberespionage group)BuhTrapCHRYSENE (OilRig, Greenbug)CIRCUS SPIDERCLOCKWORK SPIDERCOBALT JUNO (APT-C-38 (QiAnXin), SABER LION, TG-2884 (SCWX CTU))COBALT KATANA (Hive0081 (IBM), SectorD01 (NHSC), xHunt campaign (Palo Alto), Hunter Serpens)CadelleCallisto (COLDRIVER, SEABORGIUM, TA446, GOSSAMER BEAR, BlueCharlie)Calypso (BRONZE MEDLEY)Camaro DragonCaracal Kitten (APT-Q-58)CarderbeeCareto (The Mask, Mask, Ugly Face)ChamelgangCharming Kitten (Newscaster, Parastoo, iKittens, Group 83, NewsBeef, G0058)Cleaver (Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba, TG-2889, Cobalt Gypsy, G0003)Clever Kitten (Group 41)Cobalt (Cobalt Group, Cobalt Gang, GOLD KINGSWOOD, COBALT SPIDER, G0080, Mule Libra)Cold River (Nahr Elbard, Nahr el bared)Common Raven (OPERA1ER, NXSMS, DESKTOP-GROUP)ConfuciousCopy-PasteCopyKittens (Slayer Kitten, G0052)Corsair Jackal (TunisianCyberArmy)Cosmic LynxCurious Gorge (UNC3742)Cutting Kitten (ITsecTeam)Cyber Av3ngersCyber BerkutCyber Caliphate Army (Islamic State Hacking Division, CCA, United Cyber Caliphate, UUC, CyberCaliphate)Cyber fighters of Izz Ad-Din Al Qassam (Fraternal Jackal)DAGGER PANDA (IceFog, Trident, RedFoxtrot, Red Wendigo, PLA Unit 69010)DEV-0147DEV-0270 (Nemesis Kitten, Storm-0270)DEV-0586 (Ruinous Ursa)DEV-0950 (Lace Tempest)DEV-1028DEXTOROUS SPIDERDIZZY PANDA (LadyBoyle)DNSpionage (COBALT EDGEWATER)DOPPEL SPIDER (GOLD HERON)DUNGEON SPIDERDalbitDancing SalomeDangerousSavannaDantiDark BasinDark Caracal (G0070)DarkCasinoDarkHotel (DUBNIUM, Fallout Team, Karba, Luder, Nemim, Nemin, Tapaoux, Pioneer, Shadow Crane, APT-C-06, SIG25, TUNGSTEN BRIDGE, T-APT-02, G0012, ATK52)DarkHydrus (LazyMeerkat, G0079, Obscure Serpens)DarkVishnyaDeadeye Jackal (SyrianElectronicArmy, SEA)Desorden GroupDiceyFDomestic KittenDragonOK (Moafee, BRONZE OVERBROOK, G0017, G0002, Shallow Taurus)Dust Storm (G0031)DustSquad (Nomadic Octopus)ELECTRIC PANDAELOQUENT PANDAENERGETIC BEAR (BERSERK BEAR, ALLANITE, CASTLE, DYMALLOY, TG-4192, Dragonfly, Crouching Yeti, Group 24, Havex, Koala Team, IRON LIBERTY, G0035, ATK6, ITG15, BROMINE, Blue Kraken)EXOTIC LILY (DEV-0413)Earth BerberokaEarth EstriesEarth Longzhi (SnakeCharmer)Earth Lusca (CHROMIUM, ControlX, TAG-22, FISHMONGER, BRONZE UNIVERSITY, AQUATIC PANDA, Red Dev 10, RedHotel)Earth WendigoEl Machete (Machete, machete-apt, APT-C-43, G0095)Equation Group (Tilded Team, EQGRP, G0020)Evasive Panda (BRONZE HIGHLAND)Evil Corp (GOLD DRAKE)EvilPostEvilTraffic (Operation EvilTraffic)Evilnum (DeathStalker)FASTCashFIN1FIN10 (G0051)FIN11 (TEMP.Warlock, UNC902)FIN13 (TG2003, Elephant Beetle)FIN5 (G0053)FIN6 (SKELETON SPIDER, ITG08, MageCart Group 6, White Giant, GOLD FRANKLIN, ATK88, G0037)FIN7 (CARBON SPIDER, GOLD NIAGARA, Calcium, ATK32, G0046, G0008, Coreid, Carbanak)FIN8 (ATK113, G0061)FOXY PANDAFlash KittenFlying Kitten (SaffronRose, Saffron Rose, AjaxSecurityTeam, Ajax Security Team, Group 26, Sayad)Fox Kitten (PIONEER KITTEN, PARISITE, UNC757)FxmspGALLIUM (Red Dev 4, Alloy Taurus)GC01 (Golden Chickens, Golden Chickens01, Golden Chickens 01)GC02 (Golden Chickens, Golden Chickens02, Golden Chickens 02)GCMAN (G0036)GIBBERISH PANDAGOBLIN PANDA (Conimes, Cycldek)GOLD BURLAP (CYBORG SPIDER)GOLD CABIN (Shakthak, TA551, ATK236, G0127, Monster Libra)GOLD DUPONT (SPRITE SPIDER)GOLD EVERGREENGOLD FAIRFAXGOLD FLANDERSGOLD GALLEONGOLD GARDENGOLD MANSARDGOLD NORTHFIELDGOLD PRELUDE (TA569, UNC1543)GOLD RIVERVIEWGOLD SKYLINEGOLD SOUTHFIELDGOLD SYMPHONYGOLD WATERFALLGOLD WINTERGRIM SPIDER (GOLD ULRICK)GURU SPIDERGallmakerGamaredon Group (ACTINIUM, DEV-0157, Blue Otso, BlueAlpha, G0047, IRON TILDEN, PRIMITIVE BEAR, Shuckworm, Trident Ursa, UAC-0010, Winterflounder)Gelsemium (狼毒草)Ghost JackalGhostNet (Snooping Dragon)GhostSec (Ghost Security)Ghostwriter (UNC1151, TA445, PUSHCHA)GnosticplayersGoldenJackalGozNymGraylingGreenbugGreyEnergyGroundbaitGroup5 (G0043)GuacamayaHAFNIUM (ATK233, G0125, Operation Exchange Marauder, Red Dev 13)HAZY TIGER (Bitter, T-APT-17, APT-C-08, Orange Yali)HOUND SPIDERHURRICANE PANDAHacking TeamHaggaHellsingHenBoxHezbHiddenArtHigaisaHoneybee (G0072)HookAdsHummingBadIMPERSONATING PANDAINDRIK SPIDERIRIDIUMInception Framework (Clean Ursa, Cloud Atlas, OXYGEN, G0100, ATK116, Blue Odin)IndigoZebraInfy (Operation Mermaid, Prince of Persia, Foudre)InvisiMoleIron Group (Iron Cyber Group)IronHuskyItaDuke (DarkUniverse, SIG27)KNOCKOUT SPIDERKarakurt (Karakurt Lair)KasablankaKeksecKillnetKimsuky (Velvet Chollima, Black Banshee, Thallium, Operation Stolen Pencil, G0086, APT43)Kinsing (Money Libra)Kiss-a-DogKromSecLAPSUS (LAPSUS$, DEV-0537, SLIPPY SPIDER)LOTUS PANDA (Spring Dragon, ST Group, DRAGONFISH, BRONZE ELGIN, ATK1, G0030, Red Salamander, Lotus BLossom)LUNAR SPIDER (GOLD SWATHMORE)LYCEUM (COBALT LYCEUM, HEXANE, Spirlin, siamesekitten)LanceflyLazarus Group (Operation DarkSeoul, Dark Seoul, Hidden Cobra, Hastati Group, Andariel, Unit 121, Bureau 121, NewRomanic Cyber Army Team, Bluenoroff, Subgroup: Bluenoroff, Group 77, Labyrinth Chollima, Operation Troy, Operation GhostSecret, Operation AppleJeus, APT38, APT 38, Stardust Chollima, Whois Hacking Team, Zinc, Appleworm, Nickel Academy, APT-C-26, NICKEL GLADSTONE, COVELLITE, ATK3, G0032, ATK117, G0082)Libyan ScorpionsLofyGangLonghorn (Lamberts, the Lamberts, APT-C-39, PLATINUM TERMINAL)Lucky Cat (TA413, White Dev 9)MAGNETIC SPIDERMALLARD SPIDER (GOLD LAGOON)MIMIC SPIDERMONTY SPIDERMUMMY SPIDER (TA542, GOLD CRESTWOOD)MUSTANG PANDA (BRONZE PRESIDENT, HoneyMyte, Red Lich, TEMP.HEX, BASIN, Earth Preta)MadiMageCartMagic Kitten (Group 42, VOYEUR)MalteiroMana TeamMetadorModifiedElephantMofang (Superman, BRONZE WALKER)Molerats (Gaza Hackers Team, Gaza cybergang, Gaza Cybergang, Operation Molerats, Extreme Jackal, Moonlight, ALUMINUM SARATOGA, G0021)MoneyTakerMosesStaff (Moses Staff)Moskalvzapoe (MAN1, TA511)MoustachedBouncerMuddyWater (TEMP.Zagros, Static Kitten, Seedworm, MERCURY, COBALT ULSTER, G0069, ATK51, Boggy Serpens)NARWHAL SPIDER (GOLD ESSEX, TA544)NB65 (Network Battalion 65)NEODYMIUM (G0055)NOCTURNAL SPIDERNOMAD PANDANOTROBINNaikon (PLA Unit 78020, OVERRIDE PANDA, Camerashy, BRONZE GENEVA, G0019, Naikon, BRONZE STERLING, G0013)Nazar (SIG37)Nexus ZetaNight Dragon (G0014)Nitro (Covert Grove)NoName057(16) (NoName057, NoName05716, 05716nnm, Nnm05716)OUTLAW SPIDEROVERLORD SPIDEROilAlphaOilRig (Twisted Kitten, Cobalt Gypsy, Crambus, Helix Kitten, APT 34, APT34, IRN2, ATK40, G0049, Evasive Serpens)OnionDogOperation BugDropOperation C-Major (C-Major, Transparent Tribe, Mythic Leopard, ProjectM, APT36, APT 36, TMP.Lapis, Green Havildar, COPPER FIELDSTONE)Operation ComandoOperation Kabar Cobr… truncated (5,605 more characters in archive)