GOLD SOUTHFIELD

Active

Also known as: GOLD SOUTHFIELD, Pinchy Spider

🌍

Other

Active Since

2020

MITRE ID

G0115

Techniques

[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited on underground forums to perpetrate high value deployments. By early 2020, [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) started capitalizing on the new trend of stealing data and further extorting the victim to pay for their data to not get publicly leaked.(Citation: Secureworks REvil September 2019)(Citation: Secureworks GandCrab and REvil September 2019)(Citation: Secureworks GOLD SOUTHFIELD)(Citation: CrowdStrike Evolution of Pinchy Spider July 2021)

MITRE ATT&CK Techniques

Recon0

Resource0

Initial4

T1195.002Compromise Software Supply Chain

T1190Exploit Public-Facing Application

T1566Phishing

T1199Trusted Relationship

Exec1

T1059.001PowerShell

Persist1

T1133External Remote Services

PrivEsc0

Defense1

T1027.010Command Obfuscation

Creds0

Discovery0

Lateral0

Collect1

T1113Screen Capture

C21

T1219Remote Access Tools

Exfil0

Impact0

Known Victims

live · just now

No victims recorded in ransomware.live for this group.