
UNK_RemoteRogue

Also known as: UNK_RemoteRogue

Origin: RU
Known aliases: 1

Profile

UNK_RemoteRogue is a suspected Russian threat actor that has been observed using ClickFix in its infection chains. The technique has not revolutionized the group's operations; it replaces existing installation methods. The group has a history of employing compromised intermediate mail servers, with specific infrastructure noted, such as the upstream concentrator at 80.66.66[.]197. Proofpoint recorded the group's use of ClickFix only once before it reverted to traditional campaigns that share similar characteristics, including targeting and infrastructure. UNK_RemoteRogue has been linked to phishing activities and has shown consistent patterns in its operational tactics.

Aliases · 1

UNK_RemoteRogue

References

  1. https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNK_AcademicFlare
Actor: UAC-0215
Actor: UTA0352
Actor: UNC6353
Actor: UNC3524
Actor: UNC6691

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.