Also known as: Wizard Spider, Grim Spider, TEMP.MixMaster, Gold Blackburn, Gold Ulrick, ITG23, DEV-0193, Storm-0230, Periwinkle Tempest, G0102, GOLD ULRICK, GOLD BLACKBURN, FIN12, Storm-0193, Trickbot LLC, UNC2053, Pistachio Tempest, DEV-0237, UNC1878
Wizard Spider is reportedly associated with Lunar Spider.

(CrowdStrike) The Wizard Spider threat group is the Russia-based operator of the TrickBot banking malware. This group represents a growing criminal enterprise of which Grim Spider appears to be a subset. The Lunar Spider threat group is the Eastern European-based operator and developer of the commodity banking malware called BokBot (aka IcedID), which was first observed in April 2017. The BokBot malware provides Lunar Spider affiliates with a variety of capabilities to enable credential theft and wire fraud, through the use of webinjects and a malware distribution function.

Dyre has been observed to be distributed by Cutwail (operated by Narwhal Spider), as well as their own botnets Gophe and Upatre. TrickBot has been observed to be distributed via Emotet (operated by Mummy Spider, TA542), BokBot (operated by Lunar Spider), Smoke Loader (operated by Smoky Spider), DanaBot (operated by Scully Spider, TA547), Kelihos (operated by Zombie Spider), Necurs (operated by Monty Spider) and Taurus Loader (operated by Venom Spider, Golden Chickens), as well as their own botnet Gophe.
No exploited CVEs have been attributed to this threat actor yet.