{ "id": "63e3b7bb-4c3e-4725-8d89-9211d8ec62ca", "created_at": "2026-04-06T00:21:30.671167Z", "updated_at": "2026-04-10T03:28:46.843184Z", "deleted_at": null, "sha1_hash": "cd8be69a448d38cb872eb9e53fba3e20cd3b691d", "title": "Slippy Spider Adversary Profile | CrowdStrike", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1033038, "plain_text": "Slippy Spider Adversary Profile | CrowdStrike\r\nArchived: 2026-04-05 18:31:53 UTC\r\nDiscover the adversaries targeting your industry\r\n Back to Adversary Universe\r\nSLIPPY SPIDER is an extortion group that predominantly conducts theft and leak operations as well as occasional\r\nwebsite defacements, dox attacks, and DNS-hijacking operations. Open-source reporting has labeled SLIPPY\r\nSPIDER as a ransomware group, but this appears to be inaccurate; one member has previously been associated\r\nwith the ransomware variant Ngwen, but as of November 2025, CrowdStrike Inte...\r\nhttps://www.crowdstrike.com/adversaries/slippy-spider/\r\nPage 1 of 3\n\nSlippy Spider\r\neCrime\r\nCommunity Identifiers\r\nLAPSUS, Strawberry Tempest, DEV-0537, Lapsus$ Group, Lapsus$\r\nObjective\r\nFinancial Gain, Destruction\r\nWho's targeting your industry?\r\nToday's adversaries are faster, smarter, and better resourced. Know who they are and how to stop them.\r\nView adversaries\r\nhttps://www.crowdstrike.com/adversaries/slippy-spider/\r\nPage 2 of 3\n\nCrowdStrike 2025 Threat Hunting Report\r\nAdversaries weaponize and target AI at scale.\r\nSource: https://www.crowdstrike.com/adversaries/slippy-spider/\r\nhttps://www.crowdstrike.com/adversaries/slippy-spider/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.crowdstrike.com/adversaries/slippy-spider/" ], "report_names": [ "slippy-spider" ], "threat_actors": [ { "id": "be5097b2-a70f-490f-8c06-250773692fae", "created_at": "2022-10-27T08:27:13.22631Z", "updated_at": "2026-04-10T02:00:05.311385Z", "deleted_at": null, "main_name": "LAPSUS$", "aliases": [ "LAPSUS$", "DEV-0537", "Strawberry Tempest" ], "source_name": "MITRE:LAPSUS$", "tools": [ "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "d4b9608d-af69-43bc-a08a-38167ac6306a", "created_at": "2023-01-06T13:46:39.335061Z", "updated_at": "2026-04-10T02:00:03.291149Z", "deleted_at": null, "main_name": "LAPSUS", "aliases": [ "Lapsus", "LAPSUS$", "DEV-0537", "SLIPPY SPIDER", "Strawberry Tempest", "UNC3661" ], "source_name": "MISPGALAXY:LAPSUS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2347282d-6b88-4fbe-b816-16b156c285ac", "created_at": "2024-06-19T02:03:08.099397Z", "updated_at": "2026-04-10T02:00:03.663831Z", "deleted_at": null, "main_name": "GOLD RAINFOREST", "aliases": [ "Lapsus$", "Slippy Spider ", "Strawberry Tempest " ], "source_name": "Secureworks:GOLD RAINFOREST", "tools": [ "Mimikatz" ], "source_id": "Secureworks", "reports": null }, { "id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b", "created_at": "2022-10-25T16:07:24.503878Z", "updated_at": "2026-04-10T02:00:05.014316Z", "deleted_at": null, "main_name": "Lapsus$", "aliases": [ "DEV-0537", "G1004", "Slippy Spider", "Strawberry Tempest" ], "source_name": "ETDA:Lapsus$", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434890, "ts_updated_at": 1775791726, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/cd8be69a448d38cb872eb9e53fba3e20cd3b691d.pdf", "text": "https://archive.orkl.eu/cd8be69a448d38cb872eb9e53fba3e20cd3b691d.txt", "img": "https://archive.orkl.eu/cd8be69a448d38cb872eb9e53fba3e20cd3b691d.jpg" } }