test_scratch
/
cti-ATT-CK-v13.1
/enterprise-attack
/intrusion-set
/intrusion-set--01e28736-2ffc-455b-9880-ed4d1407ae07.json
{ | |
"type": "bundle", | |
"id": "bundle--bd5a1953-2ab8-42dd-ac9f-12316e053970", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2022-09-15T19:49:18.799Z", | |
"name": "Indrik Spider", | |
"description": "[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017 they began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware.(Citation: Crowdstrike Indrik November 2018)(Citation: Crowdstrike EvilCorp March 2021)(Citation: Treasury EvilCorp Dec 2019)", | |
"aliases": [ | |
"Indrik Spider", | |
"Evil Corp" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_version": "2.1", | |
"type": "intrusion-set", | |
"id": "intrusion-set--01e28736-2ffc-455b-9880-ed4d1407ae07", | |
"created": "2021-01-06T17:46:35.134Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0119", | |
"external_id": "G0119" | |
}, | |
{ | |
"source_name": "Evil Corp", | |
"description": "(Citation: Crowdstrike EvilCorp March 2021)(Citation: Treasury EvilCorp Dec 2019)" | |
}, | |
{ | |
"source_name": "Crowdstrike Indrik November 2018", | |
"description": "Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. Retrieved January 6, 2021.", | |
"url": "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/" | |
}, | |
{ | |
"source_name": "Crowdstrike EvilCorp March 2021", | |
"description": "Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.", | |
"url": "https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/" | |
}, | |
{ | |
"source_name": "Treasury EvilCorp Dec 2019", | |
"description": "U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.", | |
"url": "https://home.treasury.gov/news/press-releases/sm845" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_attack_spec_version": "2.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |