GOLD SOUTHFIELD

Threat Actors · GOLD SOUTHFIELD

· ATT&CK GroupG0115

Pinchy Spider

Techniques

Software

Tactics

Aliases

Description

GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the REvil Ransomware-as-a Service (RaaS). GOLD SOUTHFIELD provides backend infrastructure for affiliates recruited on underground forums to perpetrate high value deployments. By early 2020, GOLD SOUTHFIELD started capitalizing on the new trend of stealing data and further extorting the victim to pay for their data to not get publicly leaked.(Citation: Secureworks REvil September 2019)(Citation: Secureworks GandCrab and REvil September 2019)(Citation: Secureworks GOLD SOUTHFIELD)(Citation: CrowdStrike Evolution of Pinchy Spider July 2021)

Tactic Coverage

initial access (5)stealth (1)execution (1)collection (1)persistence (1)command and control (1)

Techniques Used (9)

T1027.010Command Obfuscation

stealth

T1059.001PowerShell

execution

T1113Screen Capture

collection

T1133External Remote Services

persistenceinitial access

T1190Exploit Public-Facing Application

initial access

Registration Required

Create a free account to access full Threat Actor Techniques

Showing 5 of 9 results

✓ Personal dashboard✓ Track 1 vendor/product✓ 1 keyword alert✓ Weekly digest✓ 1 CSV export/month

Already have an account? Sign in →

Software Used (2)

S0591ConnectWisetool S0496REvilmalware

References (6)

https://attack.mitre.org/groups/G0115 https://www.secureworks.com/research/revil-sodinokibi-ransomware https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/https://www.secureworks.com/blog/revil-the-gandcrab-connection https://www.secureworks.com/research/threat-profiles/gold-southfield