Threat actor · all actors
Blue MockingbirdG0108 unknown
aka Blue Mockingbird
Last updated: 2026-07-03
0attributed CVEs
35ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[Blue Mockingbird](https://attack.mitre.org/groups/G0108) is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created in December 2019.(Citation: RedCanary Mockingbird May 2020)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
AC-3 | 26 / 35 | 74% |
AC-6 | 25 / 35 | 71% |
AC-2 | 24 / 35 | 69% |
CM-6 | 24 / 35 | 69% |
SI-4 | 24 / 35 | 69% |
CM-2 | 23 / 35 | 66% |
CM-7 | 21 / 35 | 60% |
AC-5 | 20 / 35 | 57% |
CM-5 | 20 / 35 | 57% |
IA-2 | 20 / 35 | 57% |
SI-7 | 19 / 35 | 54% |
SI-3 | 18 / 35 | 51% |
CA-7 | 16 / 35 | 46% |
SI-10 | 13 / 35 | 37% |
RA-5 | 10 / 35 | 29% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Aquatic Panda 0.33
- Silence 0.32
- C0018 0.27
- Cinnamon Tempest 0.27
- HomeLand Justice 0.27