
SentinelOne Detects Pteranodon, by Gamaredon Group

Gamaredon Group is a threat group that has been active since at least 2013 and has targeted individuals likely involved in the Ukrainian government.
Tools used by Gamaredon Group:
– Remote File Copy – Capable of downloading and executing additional payloads.
– Scripting – Various batch scripts to establish C2, download additional files, and conduct other functions.
– Peripheral Device Discovery – Gamaredon Group tools contained an application to check the performance of USB flash drives.
– Data from Removable Media – A file stealer can steal data from newly connected logical volumes on a system, including USB drives.
– Exfiltration Over Command and Control Channel – A Gamaredon Group file stealer transfers collected files to a hardcoded C2 server.
– Standard Application Layer Protocol – A file stealer can communicate over HTTP for C2.
– System Information Discovery – A file stealer can gather the victim’s computer name and drive serial numbers to send to a C2 server.
– System Owner/User Discovery – A file stealer can gather the victim’s username to submit to a C2 server.
For more info on SentinelOne, visit https://www.sentinelone.com/platform/
