Gelsemium

Malware updated a month ago (2024-10-17T12:03:51.735Z)
Gelsemium is a form of malware (malicious software) designed to compromise and damage computer systems. It can infiltrate a system through suspicious downloads, emails or websites, often without the user's knowledge. Once inside, Gelsemium can carry out a range of harmful actions, such as stealing personal information, disrupting operations, or holding data hostage for ransom.

There have been numerous inquiries as to whether the Gelsemium APT (Advanced Persistent Threat) is behind targeted attacks on Southeast Asian governments. An Advanced Persistent Threat is a network attack in which an unauthorized person gains access to a network and remains there undetected for a long period of time. The intention of an APT attack is usually to monitor network activity and steal data rather than to damage the network or organization.

The tool known as SAMRID was identified as 'EarthWorm', an open-source SOCKS proxy tunneller available on GitHub. This tool has previously been used by multiple China-linked APT groups, including 'Volt Typhoon', 'APT27' and 'Gelsemium'. These connections raise concerns about the potential involvement of these groups, particularly Gelsemium, in the reported cyberattacks against Southeast Asian governments.
Description last updated: 2024-10-17T11:45:37.912Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations (other elements of context that could aid in the identification of relevance):
APT
Backdoor
Proxy
Government
Asia
IIS
Malware
Associated Malware
Alias: Stately Taurus
Description: The Stately Taurus Malware is associated with Gelsemium. Stately Taurus, also known as Mustang Panda, Bronze President, Camaro Dragon, Earth Preta, Luminous Moth, and Red Delta, is a sophisticated malware that has been used in cyber-espionage campaigns primarily targeting government entities in Southeast Asia. It is believed to be associated with China's …
Association Type: is related to
Votes: 2
Associated Threat Actors
Alias: Alloy Taurus
Description: The Alloy Taurus Threat Actor is associated with Gelsemium. Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur…
Association Type: is related to
Votes: 2
Source Document References
Information about the Gelsemium malware was read from the documents corpus below (display limited to 20 results).
Source            Created
Securityaffairs   3 months ago
Securityaffairs   4 months ago
Securityaffairs   4 months ago
Securityaffairs   4 months ago
Securityaffairs   4 months ago
Securityaffairs   5 months ago
Securityaffairs   5 months ago
Securityaffairs   5 months ago
Securityaffairs   5 months ago
Securityaffairs   5 months ago
Securityaffairs   6 months ago
DARKReading       7 months ago
Securelist        7 months ago
Securityaffairs   7 months ago
Securityaffairs   7 months ago
Securityaffairs   7 months ago
Securityaffairs   8 months ago
Securityaffairs   8 months ago
Securityaffairs   8 months ago
Securityaffairs   8 months ago