Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 15:43:39 UTC
Home > List all groups > List all tools > List all groups using tool Gelsevirine
 Tool: Gelsevirine
Names Gelsevirine
Category Malware
Type Backdoor
Description
(ESET) Gelsevirine is the last stage of the chain and it is called MainPlugin by its
developers, according to the DLL name and also PDB path found in old samples
(Z:\z_code\Q1\Client\Win32\Release\MainPlugin.pdb). It’s also worth mentioning that
if defenders manage to obtain this last stage alone, it won’t run flawlessly since it
requires its arguments to be set up by Gelsenicine.
Information MITRE ATT&CK Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool Gelsevirine
Changed Name Country Observed
APT groups
 Gelsemium 2014-2023
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=120b6249-69a8-4ffb-80dc-32b483341245
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=120b6249-69a8-4ffb-80dc-32b483341245
Page 1 of 1