G0119 Indrik Spider

Description

[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and by 2017 the group began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware. Following U.S. sanctions and an indictment in 2019, [Indrik Spider](https://attack.mitre.org/groups/G0119) changed its tactics and diversified its toolset. (Citation: Crowdstrike Indrik November 2018) (Citation: Crowdstrike EvilCorp March 2021) (Citation: Treasury EvilCorp Dec 2019)

References

  1. https://attack.mitre.org/groups/G0119
  2. https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/
  3. https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/
  4. https://home.treasury.gov/news/press-releases/sm845

Software attributed to this · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Software | WastedLocker (s0612) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Group: Wizard Spider
  - Software: WastedLocker
  - Actor: GRIM SPIDER
  - Software: Indrik
  - Actor: DOPPEL SPIDER
  - Group: Inception

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.