Twisted Spider

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activeYearsStart 2016
gptkbp:alsoKnownAs gptkb:UNC1878
gptkbp:alsoKnownAs gptkb:Wizard_Spider
gptkbp:associatedWith gptkb:Evil_Corp
gptkbp:associatedWith gptkb:TA505
gptkbp:associatedWith gptkb:FIN6
gptkbp:connectsTo gptkb:Conti_ransomware_group
gptkbp:connectsTo gptkb:Ryuk_ransomware_group
gptkbp:connectsTo gptkb:TrickBot_group
gptkbp:countryOfOrigin gptkb:Russia
https://www.w3.org/2000/01/rdf-schema#label Twisted Spider
gptkbp:infrastructure gptkb:Tor_network
gptkbp:infrastructure cryptocurrency payments
gptkbp:infrastructure bulletproof hosting
gptkbp:mainLanguage gptkb:Russian
gptkbp:motive financial gain
gptkbp:notableBattle gptkb:Universal_Health_Services_ransomware_attack_(2020)
gptkbp:notableBattle Ireland Health Service Executive ransomware attack (2021)
gptkbp:notableFor gptkb:Conti_ransomware
gptkbp:notableFor gptkb:TrickBot_malware
gptkbp:notableFor gptkb:Ryuk_ransomware
gptkbp:notableFor double extortion ransomware attacks
gptkbp:status active
gptkbp:tactics data exfiltration
gptkbp:tactics living off the land
gptkbp:tactics lateral movement
gptkbp:tactics privilege escalation
gptkbp:tactics network reconnaissance
gptkbp:tactics credential dumping
gptkbp:tactics domain controller compromise
gptkbp:tactics remote desktop protocol exploitation
gptkbp:tactics email compromise
gptkbp:target private companies
gptkbp:target healthcare sector
gptkbp:target government organizations
gptkbp:technique phishing
gptkbp:technique malware deployment
gptkbp:technique ransomware-as-a-service
gptkbp:uses gptkb:Ryuk
gptkbp:uses gptkb:Cobalt_Strike
gptkbp:uses gptkb:Conti
gptkbp:uses gptkb:Anchor
gptkbp:uses gptkb:Emotet
gptkbp:uses gptkb:BazarBackdoor
gptkbp:uses gptkb:Sidoh
gptkbp:uses gptkb:BazarLoader
gptkbp:uses gptkb:TrickBot
gptkbp:bfsParent gptkb:Operation_Wocao
gptkbp:bfsLayer 7