Threat Actors

  Page 2 of 71  
UPDATED: 5/10/2019
According to CrowdStrike, this actor is using BokBot/IcedID, potentially buying distribution through Emotet infections...
UPDATED: 5/10/2019
According to CrowdStrike, this actor is using TinyLoader and TinyPOS, potentially buying access through Dridex infections...
UPDATED: 5/10/2019
According to CrowdStrike, this actor is using FrameworkPOS, potentially buying access through Dridex infections...
UPDATED: 5/10/2019
This suspected Iran-based adversary conducted long-running SWC campaigns from December 2016 until public disclosure in July 2018. Like other Iran-based actors, the target scope for FLASH KITTEN appears to be focused on the MENA region...
UPDATED: 5/10/2019
In the first quarter of 2018, CrowdStrike Intelligence identified NOMAD PANDA activity targeting Central Asian nations with exploit documents built with the 8.t tool...
UPDATED: 5/10/2019
One of the first observed adopters of the 8.t exploit document builder in late 2017, further KRYPTONITE PANDA activity was limited in 2018. Last known activity for this adversary occurred in June 2018 and involved suspected targeting of Cam..
UPDATED: 5/10/2019
This adversary is suspected of continuing to target upstream providers (e.g., law firms and managed service providers) to support additional intrusions against high-profile assets. In 2018, CrowdStrike observed this adversary using spear-ph..
UPDATED: 5/10/2019
Beginning in January 2018 and persisting through the first half of the year, CrowdStrike Intelligence observed SALTY SPIDER, developer and operator of the long-running Sality botnet, distribute malware designed to target cryptocurrency user..
UPDATED: 5/10/2019
Early in 2018, CrowdStrike Intelligence observed GURU SPIDER supporting the distribution of multiple crimeware families through its flagship malware loader, Quant Loader...
UPDATED: 5/10/2019
First observed in January 2018, GandCrab ransomware quickly began to proliferate and receive regular updates from its developer, PINCHY SPIDER, which over the course of the year established a RaaS operation with a dedicated set of affiliate..