

RedCurl

Overview

RedCurl is a threat actor active since 2018, known for corporate espionage against organizations in a range of countries, including Ukraine, Canada and the United Kingdom, and across industries including, but not limited to, travel agencies, insurance companies and banks. RedCurl is assessed to be Russian-speaking. The group's operations typically begin with spearphishing emails to gain initial access; it then runs discovery and collection commands and scripts to locate corporate data, and concludes by exfiltrating the collected files to its C2 servers.

TTPs — 41 techniques across 11 tactics

Resource Development

Initial Access

Execution

Persistence

Credential Access

Lateral Movement

Command and Control

Reporting (2)