Trula
Trula, also referred to in the provided content as Secret Blizzard, is described as a Russian-nexus advanced persistent threat involved in cyber espionage operations against Ukrainian targets. The content specifically identifies Trula/Secret Blizzard as one of several Russian-linked APTs that exploited or attempted to exploit the WinRAR path traversal vulnerability CVE-2025-8088. In the reported activity, this exploitation was associated with espionage-focused operations. No additional aliases, sub-groups, victim sectors beyond Ukrainian targets, or further TTP details specific to Trula beyond the use or attempted use of CVE-2025-8088 are directly provided in the content.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.