{
	"id": "0ffc9774-eb5b-4860-a6b6-6f6e7f9154db",
	"created_at": "2026-04-06T00:13:58.495717Z",
	"updated_at": "2026-04-10T03:33:41.85563Z",
	"deleted_at": null,
	"sha1_hash": "6130dc3cc4f10b59382e3f56f811475ff60a7ab4",
	"title": "Ransom Mafia - Analysis of the World's First Ransomware Cartel | Analyst1",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 152546,
	"plain_text": "Ransom Mafia - Analysis of the World's First Ransomware Cartel |\r\nAnalyst1\r\nBy Analyst1\r\nPublished: 2021-04-07 · Archived: 2026-04-02 12:04:28 UTC\r\nIn February 2021, a multinational law enforcement task-force arrested several Ukrainian men for supporting a\r\nlong-standing ransomware gang known as Twisted Spider1. First seen in May 2019, the gang was behind high-dollar enterprise ransomware attacks. Unfortunately, the arrests in February had little impact; Twisted Spider\r\ncontinued their operations several weeks later in March 2021. Twisted Spider often makes headlines, but it’s not\r\nonly due to their attacks. In June 2020, the gang put out a press release, claiming they joined forces with several\r\nother well-known ransomware attackers to create a criminal cartel. If true, this collaborative partnership would\r\npose a far greater threat to the community than attacks from smaller individual gangs by themselves.\r\nYou may also like:\r\nSource: https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel\r\nhttps://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://analyst1.com/blog/ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel"
	],
	"report_names": [
		"ransom-mafia-analysis-of-the-worlds-first-ransomware-cartel"
	],
	"threat_actors": [
		{
			"id": "e9f85280-337c-4321-b872-0919f8ef64a6",
			"created_at": "2022-10-25T16:07:24.261761Z",
			"updated_at": "2026-04-10T02:00:04.914455Z",
			"deleted_at": null,
			"main_name": "TA2101",
			"aliases": [
				"Gold Village",
				"Maze Team",
				"TA2101",
				"Twisted Spider"
			],
			"source_name": "ETDA:TA2101",
			"tools": [
				"7-Zip",
				"Agentemis",
				"BokBot",
				"Buran",
				"ChaCha",
				"Cobalt Strike",
				"CobaltStrike",
				"Egregor",
				"IceID",
				"IcedID",
				"Mimikatz",
				"PsExec",
				"SharpHound",
				"VegaLocker",
				"WinSCP",
				"cobeacon",
				"nmap"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "c3c864b3-fac9-4d56-8500-7c06c829fbf8",
			"created_at": "2023-01-06T13:46:39.071873Z",
			"updated_at": "2026-04-10T02:00:03.203749Z",
			"deleted_at": null,
			"main_name": "TA2101",
			"aliases": [
				"GOLD VILLAGE",
				"Storm-0216",
				"DEV-0216",
				"UNC2198",
				"TUNNEL SPIDER",
				"Maze Team",
				"TWISTED SPIDER"
			],
			"source_name": "MISPGALAXY:TA2101",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434438,
	"ts_updated_at": 1775792021,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6130dc3cc4f10b59382e3f56f811475ff60a7ab4.pdf",
		"text": "https://archive.orkl.eu/6130dc3cc4f10b59382e3f56f811475ff60a7ab4.txt",
		"img": "https://archive.orkl.eu/6130dc3cc4f10b59382e3f56f811475ff60a7ab4.jpg"
	}
}