Threat actor · G0102
Wizard Spider
Also known as UNC1878, TEMP.MixMaster, Grim Spider, FIN12, GOLD BLACKBURN, ITG23, Periwinkle Tempest, DEV-0193, Pistachio Tempest, DEV-0237.
Wizard Spider is a Russia-based financially motivated threat group originally known for the creation and deployment of TrickBot since at least 2016. Wizard Spider possesses a diverse arsenal of tools and has conducted ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals.
ATT&CK techniques
64 mappedT1003.001T1003.002T1003.003T1005T1016T1018T1021T1021.001T1021.002T1021.006T1027.010T1033T1036.004T1041T1047T1048.003T1053.005T1055T1055.001T1059.001T1059.003T1070.004T1071.001T1074T1074.001T1078T1078.002T1082T1087.002T1105T1112T1133T1135T1136.001T1136.002T1197T1204.001T1204.002T1210T1218.011T1222.001T1489T1490T1518.001T1518.002T1543.003T1547.001T1547.004T1550.002T1552.006T1553.002T1555.004T1557.001T1558.003T1560.001T1566.001T1566.002T1567.002T1569.002T1570T1585.002T1588.002T1588.003T1685