Evil Corp (aka Evil Corp, DEV-0243) · APT Atlas
Evil Corp
CRIME
RU · Russia
AKA: DEV-0243 · TA505 (overlap)
CrowdStrike: INDRIK SPIDER
Microsoft: Manatee Tempest
Secureworks: GOLD DRAKE
Russian-speaking cybercriminal syndicate behind Dridex banking malware and ransomware.
Targets: 11
Sectors: 17
Threat types: 2
GIRs covered: 0/480
Active since: 2007
Victimology
Geographic footprint · 11 countries
origin · Russia
targeted countries · 11
EUROPE · 7: Austria · Switzerland · Germany · Spain · France · United Kingdom · Italy
OCEANIA · 2: Australia · New Zealand
AMERICAS · 2: Canada · United States
Sectors targeted · 17 of 40
Government · 83 actors
Aviation · 19 actors
Financial Services · 61 actors
Cryptocurrency · 17 actors
Healthcare · 38 actors
Telecom · 57 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Real Estate · 7 actors
Hospitality · 26 actors
Consulting / Professional Services · 26 actors
Consumer Goods / Electronics · 16 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
FIN · Financial Fraud
RAN · Ransomware
MITRE ATT&CK · 25 techniques
Reconnaissance · 1
  T1590 Gather Victim Network Information
Resource Development · 1
  T1583 Acquire Infrastructure
Execution · 4
  T1047 Windows Management Instrumentation
  T1059.001 PowerShell
  T1059.003 Windows Command Shell
  T1059.007 JavaScript
Persistence · 1
  T1136 Create Account
Credential Access · 4
  T1003.001 LSASS Memory
  T1552.001 Credentials In Files
  T1555.005 Password Managers
  T1558.003 Kerberoasting
Discovery · 3
  T1007 System Service Discovery
  T1012 Query Registry
  T1018 Remote System Discovery
Lateral Movement · 2
  T1021.001 Remote Desktop Protocol
  T1021.004 SSH
Exfiltration · 1
  T1567.002 Exfiltration to Cloud Storage
Impact · 2
  T1486 Data Encrypted for Impact
  T1489 Service Stop
Command And Control · 1
  T1105 Ingress Tool Transfer
Defense Impairment · 2
  T1112 Modify Registry
  T1685 Disable or Modify Tools
Stealth · 3
  T1036.005 Match Legitimate Resource Name or Location
  T1078 Valid Accounts
  T1078.002 Domain Accounts
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT28 · nation-state · Russia · 0 targets · since 2007
APT44 · nation-state · Russia · 25 targets · since 2009
FIN2 · cybercrime · unattributed · 0 targets · since —
FIN3 · cybercrime · unattributed · 1 target · since —
FIN6 · cybercrime · Russia · 15 targets · since 2014
FIN10 · cybercrime · unattributed · 1 target · since 2013