← Back to Actors
Indrik Spider
Indrik SpiderEvil CorpManatee TempestDEV-0243UNC2165
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017 they began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware. Following U.S. sanctions and an indictment in 2019, [Indrik Spider](https://attack.mitre.org/groups/G0119) changed their...
35
Techniques
33
Covered
2
Gaps
94%
Coverage
Coverage33/35
COVERED (33)
T1003.001LSASS Memory111 det.T1007System Service Discovery15 det.T1012Query Registry25 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1021.004SSH35 det.T1036.005Match Legitimate Resource Name or Location45 det.T1047Windows Management Instrumentation88 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.007JavaScript63 det.T1070.001Clear Windows Event Logs16 det.T1074.001Local Data Staging10 det.T1078Valid Accounts297 det.T1078.002Domain Accounts28 det.T1105Ingress Tool Transfer184 det.T1112Modify Registry203 det.T1136Create Account38 det.T1136.001Local Account43 det.T1204.002Malicious File441 det.T1484.001Group Policy Modification19 det.T1486Data Encrypted for Impact374 det.T1489Service Stop58 det.T1552.001Credentials In Files61 det.T1555.005Password Managers4 det.T1558.003Kerberoasting34 det.T1562.001Disable or Modify Tools316 det.T1567.002Exfiltration to Cloud Storage31 det.T1583Acquire Infrastructure1 det.T1587.001Malware10 det.T1590Gather Victim Network Information5 det.T1685Disable or Modify Tools279 det.T1685.005Clear Windows Event Logs12 det.