Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER


Continuing our monthly blog series introducing a new threat actor, February 2018 features a criminally motivated actor we call MUMMY SPIDER. This actor is associated with the malware commonly known as Emotet or Geodo.

MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malware shared code with the Bugat (aka Feodo) banking Trojan. However, MUMMY SPIDER swiftly developed the malware’s capabilities to include an RSA key exchange for command and control (C2) communication and a modular architecture.

MUMMY SPIDER does not follow typical criminal behavioral patterns. In particular, MUMMY SPIDER usually conducts attacks for a few months before ceasing operations for a period of between three and 12 months, then returns with a new variant or version. After a 10-month hiatus, MUMMY SPIDER returned Emotet to operation in December 2016, but the latest variant is not deploying a banking Trojan module with web injects; it is currently acting as a ‘loader’ that delivers other malware packages. The primary modules perform reconnaissance on victim machines, drop freeware tools that collect credentials from web browsers and mail clients, and include a spam plugin for self-propagation. The malware is also issuing commands to download and execute other malware families, such as the banking Trojans Dridex and Qakbot.

MUMMY SPIDER advertised Emotet on underground forums until 2015, at which time it became private. Therefore, it is highly likely that Emotet is operated solely for use by MUMMY SPIDER or with a small trusted group of customers.

To learn more about how to incorporate intelligence on threat actors like MUMMY SPIDER please visit the Falcon Intelligence product page.


Adam Meyers

Adam Meyers has authored numerous papers for peer-reviewed industry venues and has received awards for his dedication to the information security industry. As Vice President of Intelligence for CrowdStrike, Meyers oversees all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Previously, Meyers was the Director of Cyber Security Intelligence with the National Products and Offerings Division of SRA International, where he provided technical expertise at the tactical level and strategic guidance on overall security program objectives.
