Added information related to Wizard Spider
parent
613e9feb12
commit
faef21e15d
1 changed files with 31 additions and 1 deletions
|
@ -7225,6 +7225,34 @@
|
|||
"description": "Wizard Spider is reportedly associated with Grim Spider and Lunar Spider.\nThe WIZARD SPIDER threat group is the Russia-based operator of the TrickBot banking malware. This group represents a growing criminal enterprise of which GRIM SPIDER appears to be a subset. The LUNAR SPIDER threat group is the Eastern European-based operator and developer of the commodity banking malware called BokBot (aka IcedID), which was first observed in April 2017. The BokBot malware provides LUNAR SPIDER affiliates with a variety of capabilities to enable credential theft and wire fraud, through the use of webinjects and a malware distribution function.\nGRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER, a criminal enterprise of which GRIM SPIDER appears to be a cell. The WIZARD SPIDER threat group, known as the Russia-based operator of the TrickBot banking malware, had focused primarily on wire fraud in the past.",
|
||||
"meta": {
|
||||
"country": "RU",
|
||||
"cfr-suspected-victims": [
|
||||
"Australia",
|
||||
"Bahamas",
|
||||
"Canada",
|
||||
"Costa Rica",
|
||||
"France",
|
||||
"Germany",
|
||||
"India",
|
||||
"Ireland",
|
||||
"Italy",
|
||||
"Japan",
|
||||
"Mexico",
|
||||
"New Zealand",
|
||||
"Spain",
|
||||
"Switzerland",
|
||||
"Taiwan",
|
||||
"United Kingdom",
|
||||
"Ukraine",
|
||||
"United States"
|
||||
],
|
||||
"cfr-target-category": [
|
||||
"Defense",
|
||||
"Financial",
|
||||
"Government",
|
||||
"Healthcare",
|
||||
"Telecommunications"
|
||||
],
|
||||
"cfr-suspected-state-sponsor": "Russian Federation",
|
||||
"refs": [
|
||||
"https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/",
|
||||
"https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/",
|
||||
|
@ -7237,7 +7265,9 @@
|
|||
"https://www.secureworks.com/research/dyre-banking-trojan",
|
||||
"https://www.secureworks.com/blog/how-cyber-adversaries-are-adapting-to-exploit-the-global-pandemic",
|
||||
"https://www.secureworks.com/blog/trickbot-modifications-target-us-mobile-users",
|
||||
"http://www.secureworks.com/research/threat-profiles/gold-blackburn"
|
||||
"http://www.secureworks.com/research/threat-profiles/gold-blackburn",
|
||||
"https://strapi.eurepoc.eu/uploads/Eu_Repo_C_APT_profile_Conti_Wizard_Spider_dc2a733e18.pdf",
|
||||
"https://www.prodaft.com/m/reports/WizardSpider_TLPWHITE_v.1.4.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"TEMP.MixMaster",
|
||||
|
|
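Review bot: The added `"cfr-suspected-state-sponsor": "Russian Federation"` in the first hunk records a state-sponsorship attribution for a cluster whose own `description` calls it a criminal enterprise and an eCrime group, and nothing visible in the hunk supports the stronger claim. Consumers that use this key to separate state-backed actors from financially motivated ones may reclassify events tagged with this cluster, so the field should either be dropped or be backed by a ref that states it; whether the two reports added in the second hunk do so cannot be seen from here. In the new `cfr-suspected-victims` list, `"Ukraine"` sits after `"United Kingdom"`, which breaks the otherwise alphabetical order. The new EuRepoC ref points at an `/uploads/` path with a hash-suffixed filename, which may not be a stable link; a report landing page would be more durable if one exists.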