Uptime Hamster: 1d 11h 47mDeploy: 14 Jul 2026 21:26Updated: 2026-07-14
Logo del actor de amenaza Librarian Ghouls

Librarian Ghouls

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Aliases: rare werewolf
Ver en IntelTracker → APTTrail →
Librarian Ghouls, also known as Rare Werewolf or Rezet, emerged around 2019 as an advanced persistent threat group primarily focused on credential theft, remote access, and cryptojacking. The group is assessed with high confidence to be of Russian origin, indicated by its consistent targeting of entities within Russia and the Commonwealth of Independent States, and the use of Russian-language phishing materials. A distinguishing characteristic of Librarian Ghouls is its primary reliance on legitimate third-party software and PowerShell scripts for malicious operations, a technique that allows them to maintain a lower profile and evade detection compared to groups employing custom malware. They are known for conducting stealthy nighttime operations, often between 1 AM and 5 AM, to avoid discovery during periods of low activity.

Aliases del actor

rare werewolf

Actores similares

rare-werewolfactor · 1Silent Librarianactor · 1silent-librarianactor · 1
Tecnicas MITRE
T1027 - Obfuscated Files or Information, T1219 - Remote Access Software, T1095 - Non-Application Layer Protocol, T1005 - Data from Local System, T1204.002 - Malicious File, T1049 - System Network Connections Discovery
CVEs relacionadas
CVE-2025-55182
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
48
Actualizado
Mon, 13 Ap

Paises objetivo (SOCRadar)

BelarusKazakhstanMongoliaRussian FederationUkraine

Sectores objetivo (SOCRadar)

Software PublishersEnterprises & HoldingManufacturingElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationOil & GasEducational ServicesSpace & DefenseEnergy & Utilities Aircraft Manufacturing