Threat Actor Profile
High APT
Description

DarkVishnya is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region.(Citation: Securelist DarkVishnya Dec 2018)

Confidence Score
90%
Known Aliases
DarkVishnya
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (10)
T1219 - Remote Access Tools
Command and Control
T1571 - Non-Standard Port
Command and Control
T1040 - Network Sniffing
Credential Access
T1110 - Brute Force
Credential Access
T1046 - Network Service Discovery
Discovery
T1135 - Network Share Discovery
Discovery
T1059.001 - PowerShell
Execution
T1200 - Hardware Additions
Initial Access
T1543.003 - Windows Service
Persistence
T1588.002 - Tool
Resource Development
Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'aliases': ['DarkVishnya'],
 'created': '2020-05-15T13:07:26.651Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[DarkVishnya](https://attack.mitre.org/groups/G0105) is a '
                'financially motivated threat actor targeting financial '
                'institutions in Eastern Europe. In 2017-2018 the group '
                'attacked at least 8 banks in this region.(Citation: '
                'Securelist DarkVishnya Dec 2018)',
 'external_references': [{'external_id': 'G0105',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0105'},
                         {'description': '(Citation: Securelist DarkVishnya '
                                         'Dec 2018)',
                          'source_name': 'DarkVishnya'},
                         {'description': 'Golovanov, S. (2018, December 6). '
                                         'DarkVishnya: Banks attacked through '
                                         'direct connection to local network. '
                                         'Retrieved May 15, 2020.',
                          'source_name': 'Securelist DarkVishnya Dec 2018',
                          'url': 'https://securelist.com/darkvishnya/89169/'}],
 'id': 'intrusion-set--813636db-3939-4a45-bea9-6113e970c029',
 'modified': '2025-04-25T14:49:05.248Z',
 'name': 'DarkVishnya',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.1'}
Quick Actions
Related TTPs (10)
Remote Access Tools
Command and Control
Non-Standard Port
Command and Control
Network Sniffing
Credential Access
Brute Force
Credential Access
Network Service Discovery
Discovery
View All 10 TTPs
Back to Threat Actors
Dashboard Home