Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:51:19 UTC
Home > List all groups > List all tools > List all groups using tool Apostle
 Tool: Apostle
Names Apostle
Category Malware
Type Wiper, Ransomware
Description
(SentinelLabs) One of the wipers used in the attack, dubbed ‘Apostle’, was later turned
into a fully functional ransomware, replacing its wiper functionalities. The message
inside it suggests it was used to target a critical, nation-owned facility in the United Arab
Emirates. The similarity to its wiper version, as well as the nature of the target in the
context of regional disputes, leads us to believe that the operators behind it are utilizing
ransomware for its disruptive capabilities.
Information
MITRE ATT&CK Malpedia Last change to this tool card: 27 December 2024
Download this tool card in JSON format
All groups using tool Apostle
Changed Name Country Observed
APT groups
 Agrius 2020-May 2023
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8bce8d3a-ca82-4e2a-8fe3-87f4c2f83382
Page 1 of 2

1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8bce8d3a-ca82-4e2a-8fe3-87f4c2f83382
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8bce8d3a-ca82-4e2a-8fe3-87f4c2f83382
Page 2 of 2