Indrik Spider
Indrik Spider, Evil Corp, Manatee Tempest, DEV-0243, UNC2165
[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since at least 2014. [Indrik Spider](https://attack.mitre.org/groups/G0119) initially started with the [Dridex](https://attack.mitre.org/software/S0384) banking Trojan, and then by 2017 they began running ransomware operations using [BitPaymer](https://attack.mitre.org/software/S0570), [WastedLocker](https://attack.mitre.org/software/S0612), and Hades ransomware. Following U.S. sanctions and an indictment in 2019, [Indrik Spider](https://attack.mitre.org/groups/G0119) changed their...
Techniques: 35
Covered: 33
Gaps: 2
Coverage: 94% (33/35)
COVERED (33)
| ID | Technique | Det. |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1007 | System Service Discovery | 15 |
| T1012 | Query Registry | 24 |
| T1018 | Remote System Discovery | 50 |
| T1021.001 | Remote Desktop Protocol | 53 |
| T1021.004 | SSH | 34 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1047 | Windows Management Instrumentation | 87 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1059.007 | JavaScript | 61 |
| T1070.001 | Clear Windows Event Logs | 16 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 280 |
| T1078.002 | Domain Accounts | 28 |
| T1105 | Ingress Tool Transfer | 183 |
| T1112 | Modify Registry | 203 |
| T1136 | Create Account | 38 |
| T1136.001 | Local Account | 43 |
| T1204.002 | Malicious File | 425 |
| T1484.001 | Group Policy Modification | 19 |
| T1486 | Data Encrypted for Impact | 360 |
| T1489 | Service Stop | 57 |
| T1552.001 | Credentials In Files | 61 |
| T1555.005 | Password Managers | 4 |
| T1558.003 | Kerberoasting | 34 |
| T1562.001 | Disable or Modify Tools | 311 |
| T1567.002 | Exfiltration to Cloud Storage | 29 |
| T1583 | Acquire Infrastructure | 1 |
| T1587.001 | Malware | 10 |
| T1590 | Gather Victim Network Information | 5 |
| T1685 | Disable or Modify Tools | 278 |
| T1685.005 | Clear Windows Event Logs | 11 |