From 2698e76043e86969582718c066cb9417e2277bc1 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 22 May 2024 05:30:08 -0700
Subject: [PATCH] [threat-actors] Add Alpha Spider

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a2ba1b3..7970ccc 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15981,6 +15981,19 @@
       },
       "uuid": "53ac2695-35ba-4ab2-a5cd-48ca533f1b72",
       "value": "Void Manticore"
+    },
+    {
+      "description": "ALPHA SPIDER is a threat actor known for developing and operating the Alphv ransomware as a service. They have been observed using novel offensive techniques, such as exploiting software vulnerabilities and leveraging legitimate administration tools for malicious activities. ALPHA SPIDER affiliates have demonstrated persistence in exfiltrating data and have shown the ability to bypass security measures like DNS-based filtering and multifactor authentication. Despite lacking specific operational security measures, defenders have opportunities to detect and respond to ALPHA SPIDER's operations effectively.",
+      "meta": {
+        "refs": [
+          "https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/"
+        ],
+        "synonyms": [
+          "ALPHV Ransomware Group"
+        ]
+      },
+      "uuid": "6149f3b6-510d-4e45-bf88-cd25c7193702",
+      "value": "Alpha Spider"
     }
   ],
   "version": 309