Gamaredon Group

Gamaredon Group is a threat group that has been active since at least 2013, and has targeted individuals with probable involvement in the Ukrainian government. The threat group’s name originated from a misspelling of the word ’Armageddon’, which was detected in the threat group’s early campaigns.

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.