🇷🇺
INDRIK SPIDER
APT Group
Financial gain
Financial crime
1 zero-day CVE
ETDA ✓
Also Known As 4 names
DEV-0243
EvilCorp
Manatee Tempest
UNC2165
Target Countries 12
Argentina
Australia
Brazil
Germany
Spain
France
United Kingdom
India
Lithuania
Netherlands
Russian Federation
United States
Sectors Targeted
Motion Picture and Video Production (NAICS 51211)
National Security and International Affairs (NAICS 928)
Hospitals (NAICS 622)
Offices of Certified Public Accountants (NAICS 541211)
Data Processing, Hosting, and Related Services (NAICS 518)
Utilities (NAICS 22)
Arts, Entertainment, and Recreation (NAICS 71)
Government
Information (NAICS 51)
Space Research and Technology (NAICS 927)
Healthcare
Data Processing, Hosting, and Related Services (NAICS 51821)
Other Information Services (NAICS 519)
Software Publishers (NAICS 51121)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Computer Systems Design and Related Services (NAICS 54151)
Computer Systems Design and Related Services (NAICS 5415)
Construction (NAICS 23)
Professional, Scientific, and Technical Services (NAICS 54)
Publishing Industries (except Internet) (NAICS 511)
Other Services (except Public Administration) (NAICS 81)
Periodical Publishers (NAICS 51112)
Promoters of Performing Arts, Sports, and Similar Events (NAICS 7113)
National Security and International Affairs (NAICS 928110)
Religious, Grantmaking, Civic, Professional, and Similar Organizations (NAICS 813)
Advertising Agencies (NAICS 54181)
Insurance Carriers and Related Activities (NAICS 524)
Newspaper Publishers (NAICS 51111)
Media
Health Care and Social Assistance (NAICS 62)
Construction of Buildings (NAICS 236)
Commercial Banking (NAICS 52211)
Computer Systems Design Services (NAICS 541512)
Finance and Insurance (NAICS 52)
Public Administration (NAICS 92)
Legal Services (NAICS 5411)
Agriculture, Forestry, Fishing and Hunting (NAICS 11)
Grantmaking and Giving Services (NAICS 8132)
Software Publishers (NAICS 5112)
Offices of Lawyers (NAICS 541110)
Oil and Gas Extraction (NAICS 211)
Manufacturing (NAICS 31)
Financial
Details
Origin
🇷🇺 RU
Last Updated
01 Jun 2022
Malware Families 7
donut_injector
wastedlocker
feodo
houdini
zhmimikatz
fakeupdateru
H-worm
MITRE ATT&CK 122
T1001.003 - Protocol Impersonation
T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1005 - Data from Local System
T1007 - System Service Discovery
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.001 - Invalid Code Signature
T1036.005 - Match Legitimate Name or Location
T1045 - Software Packing
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070 - Indicator Removal
T1070.001 - Clear Windows Event Logs
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1074 - Data Staged
T1074.001 - Local Data Staging
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1090 - Proxy
T1094 - Custom Command and Control Protocol
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113 - Screen Capture
T1129 - Shared Modules
T1132 - Data Encoding
T1133 - External Remote Services
T1136 - Create Account
T1136.001 - Local Account
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1147 - Hidden Users
T1155 - AppleScript
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1192 - Spearphishing Link
T1199 - Trusted Relationship
T1202 - Indirect Command Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1480 - Execution Guardrails
T1482 - Domain Trust Discovery
T1484 - Domain Policy Modification
T1484.001 - Group Policy Modification
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1550 - Use Alternate Authentication Material
T1550.002 - Pass the Hash
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1555.005 - Password Managers
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Kerberoasting
T1559 - Inter-Process Communication
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1570 - Lateral Tool Transfer
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1583 - Acquire Infrastructure
T1583.004 - Server
T1583.005 - Botnet
T1583.008 - Malvertising
T1584 - Compromise Infrastructure
T1584.001 - Domains
T1584.004 - Server
T1585 - Establish Accounts
T1585.002 - Email Accounts
T1587 - Develop Capabilities
T1587.001 - Malware
T1590 - Gather Victim Network Information
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1608.004 - Drive-by Target
T1608.006 - SEO Poisoning