HOMETHREATSStorm-1113
APT / THREAT GROUP

Storm-1113

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Storm-1113 is a threat actor that acts both as an access broker focused on malware distribution through search advertisements and as an “as-a-service” entity providing malicious installers and landing page frameworks. In Storm-1113 malware distribution campaigns, users are directed to landing pages mimicking well-known software that host installers, often MSI files, that lead to the installation of malicious payloads. Storm-1113 is also the developer of EugenLoader, a commodity malware first observed around November 2022.

Threat Analysis

Storm-1113 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2
SourceMalpedia

Also Known As

APOTHECARY SPIDERStorm-1113

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Storm-1113 — APT / Threat Group | Threat Intelligence | CTIWATCH.COM