G0141
Gelsemium
Also known as: 狼毒草 · Gelsemium
Profile
The Gelsemium group has been active since at least 2014 and has been described in the past by a few security companies. Gelsemium's name comes from one possible translation ESET found while reading a report from VenusTech, who dubbed the group 狼毒草 for the first time. It is the name of a genus of flowering plants belonging to the family Gelsemiaceae; Gelsemium elegans is the species that contains toxic compounds such as Gelsemine, Gelsenicine and Gelsevirine, which ESET chose as names for the three components of this malware family.
Aliases · 2
- 狼毒草
- Gelsemium
Target sectors · 4
- Government
- Electronics Manufacturers
- Universities
- Religious organization
Known victims · 18
- North Korea
- South Korea
- Japan
- China
- Mongolia
- Egypt
- Saudi Arabia
- Yemen
- Oman
- Iran
- Iraq
- Kuwait
MITRE ATT&CK Group crosswalk
References
- https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
- https://www.venustech.com.cn/uploads/2018/08/231401512426.pdf
- https://hitcon.org/2016/pacific/0composition/pdf/1202/1202%20R0%200930%20an%20intelligance-driven%20approach%20to%20cyber%20defense.pdf
- https://public.gdatasoftware.com/Presse/Publikationen/Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf