Cyber Resilience

Threat actor · all actors

Blue MockingbirdG0108 unknown

aka Blue Mockingbird

Last updated: 2026-07-03

0attributed CVEs
35ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Blue Mockingbird](https://attack.mitre.org/groups/G0108) is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created in December 2019.(Citation: RedCanary Mockingbird May 2020)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
AC-326 / 3574%
AC-625 / 3571%
AC-224 / 3569%
CM-624 / 3569%
SI-424 / 3569%
CM-223 / 3566%
CM-721 / 3560%
AC-520 / 3557%
CM-520 / 3557%
IA-220 / 3557%
SI-719 / 3554%
SI-318 / 3551%
CA-716 / 3546%
SI-1013 / 3537%
RA-510 / 3529%

Co-occurring actors

None.

Similar actors