Ember Bear

MITRE
Type:
Unknown
Country:
Unknown
First seen:
Unknown
Details:

[Ember Bear](https://attack.mitre.org/groups/G1003) is a Russian state-sponsored cyber espionage group that has been active since at least 2020, linked to Russia's General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).(Citation: CISA GRU29155 2024) [Ember Bear](https://attack.mitre.org/groups/G1003) has primarily focused operations against Ukrainian government and telecommunication entities, but has also operated against critical infrastructure entities in Europe and the Americas.(Citation: Cadet Blizzard emerges as novel threat actor) [Ember Bear](https://attack.mitre.org/groups/G1003) conducted the [WhisperGate](https://attack.mitre.org/software/S0689) destructive wiper attacks against Ukraine in early 2022.(Citation: CrowdStrike Ember Bear Profile March 2022)(Citation: Mandiant UNC2589 March 2022)(Citation: CISA GRU29155 2024) There is some confusion as to whether [Ember Bear](https://attack.mitre.org/groups/G1003) overlaps with another Russian-linked entity referred to as [Saint Bear](https://attack.mitre.org/groups/G1031). At present available evidence strongly suggests these are distinct activities with different behavioral profiles.(Citation: Cadet Blizzard emerges as novel threat actor)(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 )

MITRE ATT&CK: View on MITRE
Techniques Used (48)
ID ATT&CK Tactics
T1003 OS Credential Dumping -
T1003.001 LSASS Memory -
T1003.002 Security Account Manager -
T1003.004 LSA Secrets -
T1005 Data from Local System -
T1018 Remote System Discovery -
T1021 Remote Services -
T1036 Masquerading -
T1036.005 Match Legitimate Resource Name or Location -
T1046 Network Service Discovery -
T1047 Windows Management Instrumentation -
T1053.005 Scheduled Task -
T1059.001 PowerShell -
T1070.004 File Deletion -
T1071.004 DNS -
Aliases (1176)
UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056 UNC2589 Bleeding Bear DEV-0586 Cadet Blizzard Frozenvista UAC-0056
Related Malware (11)
BloodHound
tool
CrackMapExec
tool
Impacket
tool
ngrok
tool
P.A.S. Webshell
other
PsExec
tool
Rclone
tool
reGeorg
other
Responder
tool
Saint Bot
other
Metadata
ID: 879
Created: 13/01/2026 17:48
Updated: 21/04/2026 16:00