Clankerusecase
Threat-actor profile

🌐 Water Galura

🌐 Water Galura is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Criminal. We map 8 detection use cases to this actor across 3 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

8 Use cases
0 Articles
3 Techniques
0 IOCs

About this actor (MITRE)

[Water Galura](https://attack.mitre.org/groups/G1050) are the operators of the [Qilin](https://attack.mitre.org/software/S1242) Ransomware-as-a-Service (RaaS) who handle payload generation, ransom negotiations, and the publication of stolen data for [Qilin](https://attack.mitre.org/software/S1242) affiliates recruited on Russian cybercrime forums. [Water Galura](https://attack.mitre.org/groups/G1050) have been active since at least 2022 and use a double extortion model where they demand payment for providing decryption keys and for refraining from publishing the stolen data to their leak site.

Known aliases

Water Galura, GOLD FEATHER

Top techniques

Detection use cases (8)

- Water Galura / Qilin (Agenda) Safe-Mode-reboot ransomware staging chain | AI · profile | S
- Qilin (Water Galura) GPO-deployed Chrome credential harvest (IPScanner.ps1 pattern) | AI · profile | SΣ
- Ransomware-style mass file rename / extension change | MITRE match
- ASL AWS Detect Users creating keys with encrypt policy without MFA | MITRE match
- AWS Detect Users creating keys with encrypt policy without MFA | MITRE match
- AWS Detect Users with KMS keys performing encryption S3 | MITRE match
- High Process Termination Frequency | MITRE match
- Ransomware Notes bulk creation | MITRE match