APT / THREAT GROUP

Edam

3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Orange Cyberdefense, Edam is written in C++ and its PDB path indicates it is called "droper_dll". It is capable of establishing persistence by setting up a Run key as Setting App which points towards its own file and then of downloading from another C2 a final stage using HTTP GET.

Threat Analysis

Edam is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning Edam

External References

Quick Facts

TypeAPT / Threat Group
Aliases3

Also Known As

EdamSECONDBESTwin.edam

External Intelligence

Malpedia: win.edam

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.