| SYMBOL | COMMON_NAME | aka. SYNONYMS |
According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections. On March 17, 2019, CrowdStrike Intelligence observed the use of a new BokBot (developed and operated by LUNAR SPIDER) proxy module in conjunction with TrickBot (developed and operated by WIZARD SPIDER), which may provide WIZARD SPIDER with additional tools to steal sensitive information and conduct fraudulent wire transfers. This activity also provides further evidence to support the existence of a flourishing relationship between these two actors. Lunar Spider is reportedly associated withGrim Spider and Wizard Spider.
There are currently no families associated with this actor.
| 2020-01-01
⋅
Secureworks
⋅
GOLD SWATHMORE GlobeImposter Gozi IcedID TrickBot LUNAR SPIDER |
| 2019-03-20
⋅
CrowdStrike
⋅
New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration LUNAR SPIDER WIZARD SPIDER |
| 2019-02-15
⋅
CrowdStrike
⋅
“Sin”-ful SPIDERS: WIZARD SPIDER and LUNAR SPIDER Sharing the Same Web Dyre IcedID TrickBot Vawtrak LUNAR SPIDER WIZARD SPIDER |
| 2019-01-01
⋅
CrowdStrike
⋅
2019 CrowdStrike Global Threat Report APT40 BOSS SPIDER FIN6 Flash Kitten GURU SPIDER LUNAR SPIDER NOMAD PANDA PINCHY SPIDER RATPAK SPIDER SALTY SPIDER TINY SPIDER |
| 2019-01-01
⋅
CrowdStrike
⋅
2019 CrowdStrike Global Threat Report BOSS SPIDER Flash Kitten GURU SPIDER LUNAR SPIDER NOMAD PANDA PINCHY SPIDER RATPAK SPIDER SALTY SPIDER TINY SPIDER |