Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 21:22:54 UTC
Home > List all groups > List all tools > List all groups using tool Philadelphia
 Tool: Philadelphia
Names
Philadelphia
Philadephia Ransom
Category Malware
Type Ransomware
Description
(Proofpoint) Philadelphia ransomware is a relatively new ransomware variant, first observed in
September of last year. Designed as an easy-to-use piece of malicious software with low
barriers to entry for new ransomware actors, Philadelphia is simple to customize and deploy.
Although we most often associate ransomware, including Philadelphia, with large-scale, 'spray
and pray' campaigns that send high message volumes to a wide spectrum of consumers and
organizations, we are beginning to see significant differentiation among attacks, ransoms,
scale, and even targeting.
Information
Malpedia Playbook Last change to this tool card: 28 December 2022
Download this tool card in JSON format
All groups using tool Philadelphia
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=58230bfb-6d86-434a-90ed-5c4495d89984
Page 1 of 2

APT groups
  TA505, Graceful Spider, Gold Evergreen 2006-Nov 2022
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=58230bfb-6d86-434a-90ed-5c4495d89984
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=58230bfb-6d86-434a-90ed-5c4495d89984
Page 2 of 2