ANTHROPOID SPIDER

aka: Empire Monkey, CobaltGoblin

Publicly known as 'EmpireMonkey', ANTHROPOID SPIDER conducted phishing campaigns in February and March 2019, spoofing French, Norwegian and Belizean financial regulators and institutions. These campaigns used macro-enabled Microsoft documents to deliver the PowerShell Empire post-exploitation framework. ANTHROPOID SPIDER likely enabled a breach that allegedly involved fraudulent transfers over the SWIFT network.

Associated Families

There are currently no families associated with this actor.

2020-03-04, CrowdStrike: 2020 CrowdStrike Global Threat Report
2019-05-08, Kaspersky Labs: Fin7 hacking group targets more than 130 companies after leaders’ arrest
2019-02-28, FortiGuard: EmpireMonkey malware distribution

Credits: MISP Project