Saturday, February 18, 2023

Malware Arsenal used by Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples)

2023-02-18

Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia.
Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology.

Email me if you need the password (see in my profile). The archive is 209 MB and contains the 218 samples listed in the hash tables below.

The malware arsenal collected here includes:
  • Elephant framework (GrimPlant backdoor and GraphSteel stealer)
  • Graphiron Backdoor
  • OutSteel (LorecDocStealer)
  • BabaDeda
  • Cobalt Strike (Beacon)
  • SaintBot Downloader
  • WhisperGate Wiper