belarusian_kgb
Belarusian KGB is the Belarusian intelligence service referenced in reporting on the deployment of ResidentBat spyware against local journalists in Belarus. The provided content states that Belarusian authorities used ResidentBat on journalists’ smartphones during police interrogations, including a case where a reporter began receiving malware alerts days after being questioned by the Belarusian KGB. ResidentBat is described as spyware capable of collecting call logs, recording audio, taking screenshots, collecting SMS and encrypted messages, and exfiltrating files. The content further notes that ResidentBat server infrastructure has been active since March 2021, coinciding with anti-government protests in Belarus. The developer of ResidentBat is stated to be unknown. No additional aliases or sub-groups are provided beyond "belarusian_kgb".
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
1 source tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.