DUNGEON SPIDERDUNGEON SPIDER

Also known as: DUNGEON SPIDER

Known aliases
1

Profile

DUNGEON SPIDER is a criminal group operating the ransomware most commonly known as Locky, which has been active since February 2016 and was last observed in late 2017. Locky is a ransomware tool that encrypts files using a combination of cryptographic algorithms: RSA with a key size of 2,048 bits, and AES with a key size of 128 bits. Locky targets a large number of file extensions and is able to encrypt data on shared network drives. In an attempt to further impact victims and prevent file recovery, Locky deletes all of the Shadow Volume Copies on the machine. DUNGEON SPIDER primarily relies on broad spam campaigns with malicious attachments for distribution. Locky is the community/industry name associated with this actor.

Aliases· 1

DUNGEON SPIDER

References

  1. https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-october-dungeon-spider/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
VIKING SPIDER
Software
Locky
Actor
RIDDLE SPIDER
Actor
Alpha Spider
Software
CryptoSpider
Software
darkylock
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.