BOSS SPIDER

aka: GOLD LOWELL

Throughout 2018, CrowdStrike Intelligence tracked BOSS SPIDER as it regularly updated Samas ransomware and received payments to known Bitcoin (BTC) addresses. This consistent pace of activity came to an abrupt halt at the end of November 2018 when the U.S. DoJ released an indictment for Iran-based individuals Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, alleged members of the group.


Associated Families

There are currently no families associated with this actor.


References
2020 | Secureworks | SecureWorks
GOLD LOWELL
https://www.secureworks.com/research/threat-profiles/gold-lowell (accessed 2020-05-23)
Tags: SamSam, BOSS SPIDER

2019 | CrowdStrike | CrowdStrike
2019 CrowdStrike Global Threat Report
https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/ (accessed 2020-07-16)
Tags: APT40, BOSS SPIDER, FIN6, Flash Kitten, GURU SPIDER, LUNAR SPIDER, NOMAD PANDA, PINCHY SPIDER, RATPAK SPIDER, SALTY SPIDER, TINY SPIDER

2019 | CrowdStrike | CrowdStrike
2019 CrowdStrike Global Threat Report (technical report)
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2019GlobalThreatReport.pdf (accessed 2020-07-15)
Tags: BOSS SPIDER, Flash Kitten, GURU SPIDER, LUNAR SPIDER, NOMAD PANDA, PINCHY SPIDER, RATPAK SPIDER, SALTY SPIDER, TINY SPIDER

2018-02-15 | Secureworks | Counter Threat Unit Research Team
SamSam Ransomware Campaigns
https://www.secureworks.com/research/samsam-ransomware-campaigns (accessed 2021-05-28)
Tags: MimiKatz, reGeorg, SamSam, BOSS SPIDER

2018-02-15 | Secureworks | Counter Threat Unit Research Team
SamSam: Converting Opportunity into Profit
https://www.secureworks.com/blog/samsam-converting-opportunity-into-profit (accessed 2021-05-28)
Tags: SamSam, BOSS SPIDER

2016-05-03 | Secureworks | Kevin Strickland
The Continuing Evolution of Samas Ransomware
https://www.secureworks.com/blog/samas-ransomware (accessed 2021-05-28)
Tags: SamSam, BOSS SPIDER

2016-03-30 | Secureworks | Counter Threat Unit Research Team
Ransomware Deployed by Adversary with Established Foothold
https://www.secureworks.com/blog/ransomware-deployed-by-adversary (accessed 2021-05-28)
Tags: MimiKatz, reGeorg, SamSam, BOSS SPIDER

Credits: MISP Project