Gazer

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Gazer](https://attack.mitre.org/software/S0168) is a backdoor used by [Turla](https://attack.mitre.org/groups/G0010) since at least 2016. (Citation: ESET Gazer Aug 2017)

Associated Techniques (18)

ID	ATT&CK	Tactics
T1027.013	Encrypted/Encoded File	-
T1033	System Owner/User Discovery	-
T1053.005	Scheduled Task	-
T1055	Process Injection	-
T1055.003	Thread Execution Hijacking	-
T1070.004	File Deletion	-
T1070.006	Timestomp	-
T1071.001	Web Protocols	-
T1105	Ingress Tool Transfer	-
T1480.002	Mutual Exclusion	-
T1546.002	Screensaver	-
T1547.001	Registry Run Keys / Startup Folder	-
T1547.004	Winlogon Helper DLL	-
T1547.009	Shortcut Modification	-
T1553.002	Code Signing	-

Aliases (105)

WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear WhiteBear

Used by Actors (1)

Turla
Nation-state

Metadata

ID:	342
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00