Indrik Spider
Indrik Spider, Evil Corp, Manatee Tempest, DEV-0243, UNC2165
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017 they began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware. Following U.S. sanctions and an indictment in 2019, [Indrik Spider](https://attack.mitre.org/groups/G0119) changed their...
Techniques: 33
Covered: 31
Gaps: 2
Coverage: 94% (31/33)
COVERED (31)
- T1003.001 LSASS Memory (105 det.)
- T1007 System Service Discovery (11 det.)
- T1012 Query Registry (22 det.)
- T1018 Remote System Discovery (46 det.)
- T1021.001 Remote Desktop Protocol (51 det.)
- T1021.004 SSH (31 det.)
- T1036.005 Match Legitimate Resource Name or Location (44 det.)
- T1047 Windows Management Instrumentation (85 det.)
- T1059.001 PowerShell (338 det.)
- T1059.003 Windows Command Shell (79 det.)
- T1059.007 JavaScript (58 det.)
- T1070.001 Clear Windows Event Logs (15 det.)
- T1074.001 Local Data Staging (10 det.)
- T1078 Valid Accounts (252 det.)
- T1078.002 Domain Accounts (26 det.)
- T1105 Ingress Tool Transfer (170 det.)
- T1112 Modify Registry (197 det.)
- T1136 Create Account (32 det.)
- T1136.001 Local Account (42 det.)
- T1204.002 Malicious File (397 det.)
- T1484.001 Group Policy Modification (18 det.)
- T1486 Data Encrypted for Impact (339 det.)
- T1489 Service Stop (54 det.)
- T1552.001 Credentials In Files (53 det.)
- T1555.005 Password Managers (4 det.)
- T1558.003 Kerberoasting (31 det.)
- T1562.001 Disable or Modify Tools (300 det.)
- T1567.002 Exfiltration to Cloud Storage (27 det.)
- T1583 Acquire Infrastructure (1 det.)
- T1587.001 Malware (9 det.)
- T1590 Gather Victim Network Information (4 det.)