cti-ATT-CK-v13.1/enterprise-attack/intrusion-set/intrusion-set--01e28736-2ffc-455b-9880-ed4d1407ae07.json

{
    "type": "bundle",
    "id": "bundle--bd5a1953-2ab8-42dd-ac9f-12316e053970",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2022-09-15T19:49:18.799Z",
            "name": "Indrik Spider",
            "description": "[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017 they began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware.(Citation: Crowdstrike Indrik November 2018)(Citation: Crowdstrike EvilCorp March 2021)(Citation: Treasury EvilCorp Dec 2019)",
            "aliases": [
                "Indrik Spider",
                "Evil Corp"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_version": "2.1",
            "type": "intrusion-set",
            "id": "intrusion-set--01e28736-2ffc-455b-9880-ed4d1407ae07",
            "created": "2021-01-06T17:46:35.134Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0119",
                    "external_id": "G0119"
                },
                {
                    "source_name": "Evil Corp",
                    "description": "(Citation: Crowdstrike EvilCorp March 2021)(Citation: Treasury EvilCorp Dec 2019)"
                },
                {
                    "source_name": "Crowdstrike Indrik November 2018",
                    "description": "Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.",
                    "url": "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/"
                },
                {
                    "source_name": "Crowdstrike EvilCorp March 2021",
                    "description": "Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.",
                    "url": "https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/"
                },
                {
                    "source_name": "Treasury EvilCorp Dec 2019",
                    "description": "U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.",
                    "url": "https://home.treasury.gov/news/press-releases/sm845"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}