G0115 · 9 ATT&CK techniques · 0 correlated reports

GOLD SOUTHFIELD

Aliases: Pinchy Spider

GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the REvil Ransomware-as-a-Service (RaaS). GOLD SOUTHFIELD provides backend infrastructure for affiliates recruited on underground forums to perpetrate high-value deployments. By early 2020, GOLD SOUTHFIELD started capitalizing on the new trend of stealing data and further extorting victims to pay to keep their data from being publicly leaked.
