PROPHET SPIDER is an eCrime actor, active since at least May 2017, that primarily gains access to victims by compromising vulnerable web servers, which commonly involves leveraging a variety of publicly disclosed vulnerabilities. The adversary has likely functioned as an access broker — handing off access to a third party to deploy ransomware — in multiple instances.
There are currently no families associated with this actor.
| 2023-03-23 ⋅ Mandiant ⋅ UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor ⋅ HOLERUN, LIGHTBUNNY, Prophet Spider |
| 2022-03-07 ⋅ CrowdStrike ⋅ PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell ⋅ Prophet Spider |
| 2021-08-04 ⋅ CrowdStrike ⋅ PROPHET SPIDER Exploits Oracle WebLogic to Facilitate Ransomware Activity ⋅ Cobalt Strike, Egregor, Mount Locker, Prophet Spider |