Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:18:01 UTC
Home > List all groups > List all tools > List all groups using tool Ruler
 Tool: Ruler
Names Ruler
Category Tools
Type Info stealer, Credential stealer
Description
Ruler is a tool to abuse Microsoft Exchange services. It is publicly available on GitHub
and the tool is executed via the command line. The creators of Ruler have also released a
defensive tool, NotRuler, to detect its usage.
Information MITRE ATT&CK Last change to this tool card: 22 April 2020
Download this tool card in JSON format
All groups using tool Ruler
Changed Name Country Observed
APT groups
 APT 33, Elfin, Magnallium 2013-Apr 2024
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4c90bc7c-0dad-4d8f-b72a-424eb6b852e5
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4c90bc7c-0dad-4d8f-b72a-424eb6b852e5
Page 1 of 1