Indrik Spider
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:39
- Modified: 27/03/2026 01:13
- Updated at: 27/03/2026 01:13
- Revoked: No
- Author / Source: The MITRE Corporation
- Resource level: —
- Primary motivation: —
- Related entities: 42 attack patterns (MITRE), 13 malware, 9 indicators, 4 tools
Aliases
Manatee Tempest, DEV-0243, UNC2165, Evil Corp
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (42), relationship type: uses
- T1027 Obfuscated Files or Information
- T1059 Command and Scripting Interpreter
- T1003.001 LSASS Memory
- T1136.001 Local Account
- T1059.007 JavaScript
- T1059.003 Windows Command Shell
- T1482 Domain Trust Discovery
- T1587.001 Malware
- T1012 Query Registry
- T1585.002 Email Accounts
- T1189 Drive-by Compromise
- T1074.001 Local Data Staging
- T1555.005 Password Managers
- T1590 Gather Victim Network Information
- T1047 Windows Management Instrumentation
- T1112 Modify Registry
- T1583 Acquire Infrastructure
- T1136 Create Account
- T1204.002 Malicious File
- T1007 System Service Discovery
- T1070.001 Clear Windows Event Logs
- T1584 Compromise Infrastructure
- T1036.005 Match Legitimate Resource Name or Location
- T1552.001 Credentials In Files
- T1486 Data Encrypted for Impact
- T1078.002 Domain Accounts
- T1489 Service Stop
- T1558.003 Kerberoasting
- T1018 Remote System Discovery
- T1021.001 Remote Desktop Protocol
- T1105 Ingress Tool Transfer
- T1584.004 Server
- T1567.002 Exfiltration to Cloud Storage
- T1078 Valid Accounts
- T1059.001 PowerShell
- T1562.001 Disable or Modify Tools
- T1518 Software Discovery
- T1484.001 Group Policy Modification
- T1016 System Network Configuration Discovery
- T1021.004 SSH
Malware (13), relationship type: uses
- Cobalt Strike (family) · Published 16/12/2024 14:25 · Modified 16/12/2024 14:25
- WastedLocker (source: AlienVault, confidence 100) · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
- NetSupport RAT (family) · Published 22/05/2026 13:08 · Modified 22/05/2026 13:08
- Egregor (S0554, family) · Published 24/07/2024 08:09 · Modified 24/07/2024 08:09
- SocGholish (family) · Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
- BadSpace (family) · Published 24/07/2024 08:09 · Modified 24/07/2024 08:09
- Dridex
- BitPaymer
- Zloader (family) · Published 22/09/2025 19:40 · Modified 22/09/2025 19:40
- Ryuk (S0446, family) · Published 30/09/2025 05:15 · Modified 30/09/2025 05:15
- RedLine Stealer (family) · Published 14/12/2024 07:04 · Modified 14/12/2024 07:04
- Lumma Stealer (family) · Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
Indicators (9), relationship type: indicates
- gitbrancher.com (domain)
- 78ddcf7ce945cfa92e640c53462174b21601506b39dec9731212d7d4ef8aa74d (SHA-256)
- tropicalforestproducts.com (domain)
- asyncawaitapi.com (domain)
- supremeceilings.co.za (domain)
- sticky.oystergardening.name (domain)
- rastek.id (domain)
- http://africa.thesmalladventureguide.com/7nwh~ (URL)
- f0fbc29c86cd84ac18aeeee38de05c32fee95d6fa49425021ce0e3d3b13d2d05 (SHA-256)
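The list above mixes three indicator types (bare domains, one full URL, two SHA-256 hashes), and each needs a different match rule: a domain should also catch its subdomains but not look-alike names that merely end in the same characters, a URL is an exact match, and a hash must be compared case-insensitively. The following Python is an added example, not part of this page or of MITRE's data: it takes the nine indicators exactly as listed and runs them over a few constructed proxy-log lines in an assumed four-column format (timestamp, source IP, URL, SHA-256 of any downloaded file or "-").

```python
"""Match this page's indicators against constructed proxy-log lines.

Added example; the log lines and their column layout are assumptions made
for illustration, the indicator values are the nine listed on the page.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the page, in the order listed.
INDICATORS = [
    "gitbrancher.com",
    "78ddcf7ce945cfa92e640c53462174b21601506b39dec9731212d7d4ef8aa74d",
    "tropicalforestproducts.com",
    "asyncawaitapi.com",
    "supremeceilings.co.za",
    "sticky.oystergardening.name",
    "rastek.id",
    "http://africa.thesmalladventureguide.com/7nwh~",
    "f0fbc29c86cd84ac18aeeee38de05c32fee95d6fa49425021ce0e3d3b13d2d05",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Assumed log layout: "<timestamp> <src_ip> <url> <sha256-or-dash>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<url>\S+) (?P<sha>\S+)$")

# Constructed sample log (not real traffic). Line 2 hits by subdomain, line 3
# by exact URL, line 4 by hash (upper-case on purpose), line 5 is a look-alike
# that must NOT match because the suffix boundary is not on a dot.
SAMPLE_LOG = """\
2025-12-16T10:01:02Z 10.0.0.5 https://www.example.com/index.html -
2025-12-16T10:01:09Z 10.0.0.5 https://cdn.gitbrancher.com/update.js -
2025-12-16T10:02:30Z 10.0.0.8 http://africa.thesmalladventureguide.com/7nwh~ -
2025-12-16T10:03:44Z 10.0.0.9 https://files.example.net/setup.exe 78DDCF7CE945CFA92E640C53462174B21601506B39DEC9731212D7D4EF8AA74D
2025-12-16T10:04:01Z 10.0.0.5 https://notgitbrancher.com/ -
"""


def classify(indicators):
    """Sort raw indicator strings into domain, URL and SHA-256 sets (lower-cased)."""
    domains, urls, hashes = set(), set(), set()
    for ioc in indicators:
        ioc = ioc.strip().lower()
        if SHA256_RE.match(ioc):
            hashes.add(ioc)
        elif "://" in ioc:
            urls.add(ioc)  # URL IOCs match the full URL only, as listed on the page
        else:
            domains.add(ioc.rstrip("."))
    return domains, urls, hashes


def domain_matches(host, domains):
    """True if host equals an indicator domain or is a subdomain of one.

    The "." prefix on the suffix test is what keeps notgitbrancher.com from
    matching gitbrancher.com.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log(lines, indicators):
    """Return (src_ip, url, reasons) for every log line that hits an indicator."""
    domains, urls, hashes = classify(indicators)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; a production scanner would count these
        url = m["url"]
        host = urlsplit(url).hostname or ""
        reasons = []
        if url.lower() in urls:
            reasons.append("url")
        if domain_matches(host, domains):
            reasons.append("domain")
        if m["sha"].lower() in hashes:
            reasons.append("sha256")
        if reasons:
            hits.append((m["src"], url, reasons))
    return hits


def demo():
    """Scan the constructed sample log with the page's indicators."""
    return scan_log(SAMPLE_LOG.splitlines(), INDICATORS)


if __name__ == "__main__":
    for src, url, reasons in demo():
        print(f"{src} {url} matched on {', '.join(reasons)}")
```

Running the block reports three hits (subdomain, exact URL, hash) and correctly ignores the look-alike domain. Feeding real proxy or EDR exports only requires adapting `LOG_RE` to the actual column layout; the match rules themselves do not change.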
Tool (4), relationship type: uses
- Donut · Source: The MITRE Corporation · Confidence 100
  [Donut](https://attack.mitre.org/software/S0695) is an open source framework used to generate position-independent shellcode.(Citation: Donut Github)(Citation: Introducing Donut) [Donut](https://attack.mitre.org/software/S0695) generated code has been used by multiple threat actors to inject and …
  Published 25/03/2022 14:35 · Modified 27/03/2026 01:07
- PsExec · Source: The MITRE Corporation · Confidence 100
  [PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.(Citation: Russinovich Sysinternals)(Citation: SANS …
  Published 31/05/2017 23:32 · Modified 27/03/2026 01:07
- Mimikatz · Source: The MITRE Corporation · Confidence 100
  [Mimikatz](https://attack.mitre.org/software/S0002) is a credential dumper capable of obtaining plaintext Windows account logins and passwords, along with many other features that make it useful for testing the security of …
  Published 31/05/2017 23:32 · Modified 27/03/2026 01:07
- Empire · Source: The MITRE Corporation · Confidence 100
  [Empire](https://attack.mitre.org/software/S0363) is an open-source, cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python, the post-exploitation agents …
  Published 11/03/2019 15:13 · Modified 27/03/2026 01:07