{
	"id": "47f527a8-32ad-417a-86fa-525b6c2525b9",
	"created_at": "2026-04-06T00:17:32.184396Z",
	"updated_at": "2026-04-10T13:12:45.294585Z",
	"deleted_at": null,
	"sha1_hash": "e40015ddc394dbe36313cfc25b9de8474137ab1b",
	"title": "Maksim Yakubets",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 101934,
	"plain_text": "Maksim Yakubets\r\nBy Contributors to Wikimedia projects\r\nPublished: 2020-06-29 · Archived: 2026-04-05 16:46:03 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nMaksim Viktorovich Yakubets\r\nМаксим Викторович Якубец\r\nBorn\r\nMay 20, 1987 (age 38)\r\nPolonne, Khmelnytskyi Oblast, Ukraine, Soviet Union\r\nOther names \"Aqua,\" \"Aquamo,\" \"Shluhnet,\" \"388888\"\r\nKnown for Hacking\r\nCriminal charge Cybercriminal\r\nhttps://en.wikipedia.org/wiki/Maksim_Yakubets\r\nPage 1 of 3\n\nMaksim Viktorovich Yakubets (Russian: Максим Викторович Якубец) is a Ukrainian-born Russian[1]\r\ncomputer expert and alleged computer hacker. He is alleged to have been a member of the Evil Corp, Jabber Zeus\r\nCrew, as well as the alleged leader of the Bugat malware conspiracy.\r\n[2][3][4]\r\n Russian media openly describe\r\nYakubets as a \"hacker who stole $100 million\", friend of Dmitry Peskov and discussed his lavish lifestyle,\r\nincluding luxury wedding with a daughter of FSB officer Eduard Bendersky and Lamborghini with \"ВОР\"\r\n(Russian for \"thief\") registration plate.[5][6][7] Yakubets's impunity in Russia is perceived as clue of his close ties\r\nwith FSB, but also criticized by domestic information security experts such as Ilya Sachkov.\r\n[8]\r\nOn November 13, 2019, Yakubets was charged in the United States District Court for the Western District of\r\nPennsylvania for allegedly conspiring in the development, maintenance, distribution, and infection of Bugat\r\nmalware. The following day, he was charged in the United States District Court for the District of Nebraska for his\r\nalleged involvement in the installation of Zeus.\r\n[9]\r\n1. ^ \"MAKSIM VIKTOROVICH YAKUBETS\". Federal Bureau of Investigation. Retrieved 9 November 2021.\r\n2. ^ \"USA V. YAKUBETS\". November 14, 2019. “As more fully described below, DEFENDANT and others\r\n(collectively, the \"Jabber Zeus Crew\") have infected thousands of business computers with malicious\r\nsoftware that captures passwords, account numbers, and other information necessary to log into online\r\nbanking accounts, and have then used the captured information to steal millions of dollars from victims'\r\nbank accounts.”\r\n3. ^ \"Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in\r\nTens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of\r\n\"Bugat\" Malware\". United States Department of Justice. December 5, 2019. Retrieved June 29, 2020.\r\n“Yakubets was the leader of the group of conspirators involved with the Bugat malware and botnet,\r\naccording to the indictment. As the leader, he oversaw and managed the development, maintenance,\r\ndistribution, and infection of Bugat as well as the financial theft and use of money mules.” {{cite\r\nnews}} : CS1 maint: deprecated archival service (link)\r\n4. ^ Ng, Alfred (December 5, 2019). \"US puts $5 million bounty on Russian hacking group Evil Corp.\r\nleader\". CNET. Retrieved June 29, 2020. {{cite news}} : CS1 maint: deprecated archival service (link)\r\n5. ^ \"Свадьба хакера Максима Якубца и дочери офицера группы ФСБ \"Вымпел\" за £250 тыс. прошла в\r\nгольф-клубе Целеево\". Русский Монитор | Russian Monitor (in Russian). 2019-12-11. Retrieved 2021-\r\n10-13.\r\n6. ^ \"Ручные хакеры, экстравагантные миллионеры Как Evil Corp — самая могущественная хакерская\r\nгруппировка в мире — связана с российскими силовиками. Расследование Лилии Яппаровой\". Meduza\r\n(in Russian). Retrieved 2021-10-13.\r\n7. ^ \"Госдеп США: хакер Aqua из России разорил американцев на 70 миллионов долларов\". vesti.ru (in\r\nRussian). Retrieved 2021-10-13.\r\n8. ^ Seddon, Max (2021-10-13). \"Russia sends warning to cyber security sector with arrest of Ilya Sachkov\".\r\nFinancial Times. Retrieved 2021-10-13.\r\n9. ^ \"WANTED BY THE FBI: MAKSIM VIKTOROVICH YAKUBETS\". December 5, 2019. “Specifically,\r\nYakubets was involved in the installation of malicious software known as Zeus, which was disseminated\r\nthrough phishing emails and used to capture victims' online banking credentials. These credentials were\r\nthen used to steal money from the victims' bank accounts. On August 22, 2012, an individual was charged\r\nhttps://en.wikipedia.org/wiki/Maksim_Yakubets\r\nPage 2 of 3\n\nin a superseding indictment under the moniker \"aqua\" in the District of Nebraska with conspiracy to\r\nparticipate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated\r\nidentity theft, and multiple counts of bank fraud. On November 14, 2019, a criminal complaint was issued\r\nin the District of Nebraska that ties the previously indicted moniker of \"aqua\" to Yakubets and charges him\r\nwith conspiracy to commit bank fraud. Yakubets is also allegedly the leader of the Bugat/Cridex/Dridex\r\nmalware conspiracy wherein he oversaw and managed the development, maintenance, distribution, and\r\ninfection of the malware. Yakubets allegedly conspired to disseminate the malware through phishing\r\nemails, to use the malware to capture online banking credentials, and to use these captured credentials to\r\nsteal money from the victims' bank accounts. He, subsequently, used the malware to install ransomware on\r\nvictims' computers. Yakubets was indicted in the Western District of Pennsylvania, on November 13, 2019,\r\nand was charged with Conspiracy, Conspiracy to Commit Fraud, Wire Fraud, Bank Fraud, and Intentional\r\nDamage to a Computer.”\r\nSource: https://en.wikipedia.org/wiki/Maksim_Yakubets\r\nhttps://en.wikipedia.org/wiki/Maksim_Yakubets\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Maksim_Yakubets"
	],
	"report_names": [
		"Maksim_Yakubets"
	],
	"threat_actors": [
		{
			"id": "50068c14-343c-4491-b568-df41dd59551c",
			"created_at": "2022-10-25T15:50:23.253218Z",
			"updated_at": "2026-04-10T02:00:05.234464Z",
			"deleted_at": null,
			"main_name": "Indrik Spider",
			"aliases": [
				"Indrik Spider",
				"Evil Corp",
				"Manatee Tempest",
				"DEV-0243",
				"UNC2165"
			],
			"source_name": "MITRE:Indrik Spider",
			"tools": [
				"Mimikatz",
				"PsExec",
				"Dridex",
				"WastedLocker",
				"BitPaymer",
				"Cobalt Strike"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b296f34c-c424-41da-98bf-90312a5df8ef",
			"created_at": "2024-06-19T02:03:08.027585Z",
			"updated_at": "2026-04-10T02:00:03.621193Z",
			"deleted_at": null,
			"main_name": "GOLD DRAKE",
			"aliases": [
				"Evil Corp",
				"Indrik Spider ",
				"Manatee Tempest "
			],
			"source_name": "Secureworks:GOLD DRAKE",
			"tools": [
				"BitPaymer",
				"Cobalt Strike",
				"Covenant",
				"Donut",
				"Dridex",
				"Hades",
				"Koadic",
				"LockBit",
				"Macaw Locker",
				"Mimikatz",
				"Payload.Bin",
				"Phoenix CryptoLocker",
				"PowerShell Empire",
				"PowerSploit",
				"SocGholish",
				"WastedLocker"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "9806f226-935f-48eb-b138-6616c9bb9d69",
			"created_at": "2022-10-25T16:07:23.73153Z",
			"updated_at": "2026-04-10T02:00:04.729977Z",
			"deleted_at": null,
			"main_name": "Indrik Spider",
			"aliases": [
				"Blue Lelantos",
				"DEV-0243",
				"Evil Corp",
				"G0119",
				"Gold Drake",
				"Gold Winter",
				"Manatee Tempest",
				"Mustard Tempest",
				"UNC2165"
			],
			"source_name": "ETDA:Indrik Spider",
			"tools": [
				"Advanced Port Scanner",
				"Agentemis",
				"Babuk",
				"Babuk Locker",
				"Babyk",
				"BitPaymer",
				"Bugat",
				"Bugat v5",
				"Cobalt Strike",
				"CobaltStrike",
				"Cridex",
				"Dridex",
				"EmPyre",
				"EmpireProject",
				"FAKEUPDATES",
				"FakeUpdate",
				"Feodo",
				"FriedEx",
				"Hades",
				"IEncrypt",
				"LINK_MSIEXEC",
				"MEGAsync",
				"Macaw Locker",
				"Metasploit",
				"Mimikatz",
				"PayloadBIN",
				"Phoenix Locker",
				"PowerShell Empire",
				"PowerSploit",
				"PsExec",
				"QNAP-Worm",
				"Raspberry Robin",
				"RaspberryRobin",
				"SocGholish",
				"Vasa Locker",
				"WastedLoader",
				"WastedLocker",
				"cobeacon",
				"wp_encrypt"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6c4f98b3-fe14-42d6-beaa-866395455e52",
			"created_at": "2023-01-06T13:46:39.169554Z",
			"updated_at": "2026-04-10T02:00:03.23458Z",
			"deleted_at": null,
			"main_name": "Evil Corp",
			"aliases": [
				"GOLD DRAKE"
			],
			"source_name": "MISPGALAXY:Evil Corp",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434652,
	"ts_updated_at": 1775826765,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e40015ddc394dbe36313cfc25b9de8474137ab1b.pdf",
		"text": "https://archive.orkl.eu/e40015ddc394dbe36313cfc25b9de8474137ab1b.txt",
		"img": "https://archive.orkl.eu/e40015ddc394dbe36313cfc25b9de8474137ab1b.jpg"
	}
}