Threat Actor Profile
High
APT
Description
Gallmaker is a cyberespionage group that has targeted victims in the Middle East and has been active since at least December 2017. The group has mainly targeted victims in the defense, military, and government sectors.(Citation: Symantec Gallmaker Oct 2018)
Confidence Score
Known Aliases
Gallmaker
Tags
mitre-attack
stix-2.1
intrusion-set
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
MITRE ATT&CK Techniques (6)
STIX Data
{'aliases': ['Gallmaker'],
 'created': '2019-01-30T14:26:42.897Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Gallmaker](https://attack.mitre.org/groups/G0084) is a '
                'cyberespionage group that has targeted victims in the Middle '
                'East and has been active since at least December 2017. The '
                'group has mainly targeted victims in the defense, military, '
                'and government sectors.(Citation: Symantec Gallmaker Oct '
                '2018)',
 'external_references': [{'external_id': 'G0084',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0084'},
                         {'description': '(Citation: Symantec Gallmaker Oct '
                                         '2018)',
                          'source_name': 'Gallmaker'},
                         {'description': 'Symantec Security Response. (2018, '
                                         'October 10). Gallmaker: New Attack '
                                         'Group Eschews Malware to Live off '
                                         'the Land. Retrieved November 27, '
                                         '2018.',
                          'source_name': 'Symantec Gallmaker Oct 2018',
                          'url': 'https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group'}],
 'id': 'intrusion-set--2fd2be6a-d3a2-4a65-b499-05ea2693abee',
 'modified': '2025-04-25T14:49:34.304Z',
 'name': 'Gallmaker',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.1'}