APT / THREAT GROUP

Curly COMrades

🇷🇺 Russia-attributed
1 campaign
1 alias
Last seen: Mar 17, 2026

Intelligence Profile

Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ techniques such as Hyper-V abuse for EDR evasion and utilize proxy tools like Resocks, SSH, and Stunnel to gain access to internal networks. Their activities include repeated attempts to extract the NTDS database from domain controllers and establishing covert access through virtualization features on compromised Windows 10 machines.

Threat Analysis

Curly COMrades is a threat actor attributed to Russia and engaged in cyber operations; its primary motivation has not been established from the observed activity patterns.

Known Campaigns

Curly COMrades — Active Operations March 2026

Curly COMrades is a threat actor of unknown motivation attributed to Russia. Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ techniques such as Hyper-V abuse for EDR evasion and utilize proxy tools like Resocks, SSH, and Stunnel to gain access to in...

Status: Active | Severity: Medium | Year: 2026

External References

Quick Facts

Type: APT / Threat Group
Origin: 🇷🇺 Russia
Aliases: 1
Source: Malpedia

Also Known As

Curly COMrades

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.