
Timelining GRIM SPIDER's Big Game Hunting Tactics | CrowdStrike

<!DOCTYPE HTML>
<html lang="en-US" hrefLang="en-US" data-wcmmode-disabled="true">
<head>
<meta charset="UTF-8"/>
<title>Timelining GRIM SPIDER&#39;s Big Game Hunting Tactics | CrowdStrike</title>
<meta name="description" content="Learn how CrowdStrike Services uses the ATT&amp;CK framework to map a timeline of GRIM SPIDER&#39;s big game hunting tactics, from initial access to ransomware deployment."/>
<meta name="template" content="crowdstrike-blog-detail-page"/>
<meta name="MobileOptimized" content="width"/>
<meta name="HandheldFriendly" content="true"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<meta http-equiv="x-ua-compatible" content="ie=edge"/>
<meta property="twitter:card" content="summary"/>
<link rel="canonical" href="https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/"/>
<link rel="alternate" href="https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/" hreflang="en_US"/>
<link rel="alternate" href="https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/" hreflang="x-default"/>
<meta name="og:title" content="Timelining GRIM SPIDER&#39;s Big Game Hunting Tactics | CrowdStrike"/>
<meta name="og:url" content="https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/"/>
<meta name="og:type" content="website"/>
<meta name="og:site_name" content="CrowdStrike.com"/>
<meta name="og:image" content="https://www.crowdstrike.com/content/dam/crowdstrike/www/en-us/wp/2019/05/SPIDER-timeline-blog-1.png"/>
<meta name="og:description" content="Learn how CrowdStrike Services uses the ATT&amp;CK framework to map a timeline of GRIM SPIDER&#39;s big game hunting tactics, from initial access to ransomware deployment."/>
<meta name="og:locale" content="en-US"/>
<meta name="article:modified_time" content="2024-09-05T14:57:09"/>
<meta name="twitter:title" content="Timelining GRIM SPIDER&#39;s Big Game Hunting Tactics | CrowdStrike"/>
<meta name="twitter:description" content="Learn how CrowdStrike Services uses the ATT&amp;CK framework to map a timeline of GRIM SPIDER&#39;s big game hunting tactics, from initial access to ransomware deployment."/>
<meta name="twitter:image" content="https://www.crowdstrike.com/content/dam/crowdstrike/www/en-us/wp/2019/05/SPIDER-timeline-blog-1.png"/>
</head>
<body class="page_blogs page basicpage" data-disable-alertbar="false" data-alertbar-xf="/content/experience-fragments/crowdstrike-www/locale-sites/us/en-us/site/header/header-elements/alert/master" data-start-gradient="#EC0000" data-end-gradient="#1F60A2">
Policy Perspective</div> </a> <div class="date">06/11/24 </div> </dd> <dd> <a href="/en-us/blog/sec_readiness/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-21-1" alt="CrowdStrike Launches SEC Readiness Services to Prepare Boardrooms for New Regulations"/> </div> <div class="title">CrowdStrike Launches SEC Readiness Services to Prepare Boardrooms for New Regulations</div> </a> <div class="date">03/14/24 </div> </dd> <dd> <a href="/en-us/blog/state-of-wyoming-looks-to-expand-crowdstrike-protections/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/Identity-protection-for-government-blog-main-image" alt="After Years of Success, State of Wyoming Looks to Expand CrowdStrike Protections Statewide"/> </div> <div class="title">After Years of Success, State of Wyoming Looks to Expand CrowdStrike Protections Statewide</div> </a> <div class="date">02/28/24 </div> </dd> </dl> </li> <li class="vertical_dropdown_element exposure-management "> <a href="/en-us/blog/category.exposure-management/"> <div class="title">Exposure Management</div> </a> <dl class="vertical_dropdown_list"> <dt class="d-flex align-items-center exposure-management">Exposure Management </dt> <dd> <a href="/en-us/blog/patch-tuesday-analysis-november-2024/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/patch-tuesday-blog-1" alt="November 2024 Patch Tuesday: Four Critical and Three Zero-Days Among 158 Vulnerabilities Patched"/> </div> <div class="title">November 2024 Patch Tuesday: Four Critical and Three Zero-Days Among 158 Vulnerabilities Patched</div> </a> <div class="date">11/12/24 </div> </dd> <dd> <a href="/en-us/blog/patch-tuesday-analysis-october-2024/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/patch-tuesday-blog-1" alt="October 2024 Patch Tuesday: Two Zero-Days and Three Critical Vulnerabilities Amid 118 CVEs"/> </div> <div 
class="title">October 2024 Patch Tuesday: Two Zero-Days and Three Critical Vulnerabilities Amid 118 CVEs</div> </a> <div class="date">10/08/24 </div> </dd> <dd> <a href="/en-us/blog/crowdstrike-named-leader-forrester-wave-attack-surface-management-2024/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/24-OTH-184_Forrester%20ASM%20Wave%20%20BLOG%20v2%201060x698" alt="CrowdStrike Named a Leader in the 2024 Forrester Wave™: Attack Surface Management Solutions"/> </div> <div class="title">CrowdStrike Named a Leader in the 2024 Forrester Wave™: Attack Surface Management Solutions</div> </a> <div class="date">10/03/24 </div> </dd> <dd> <a href="/en-us/blog/patch-tuesday-analysis-september-2024/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/patch-tuesday-blog-1" alt="September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs"/> </div> <div class="title">September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs</div> </a> <div class="date">09/09/24 </div> </dd> </dl> </li> <li class="vertical_dropdown_element small-business "> <a href="/en-us/blog/category.small-business/"> <div class="title">Small Business</div> </a> <dl class="vertical_dropdown_list"> <dt class="d-flex align-items-center small-business">Small Business </dt> <dd> <a href="/en-us/blog/smb-security-seamless-mobile-protection/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_03_SMB-Big-Protection" alt="CrowdStrike Strengthens SMB Security with Seamless Mobile Protection"/> </div> <div class="title">CrowdStrike Strengthens SMB Security with Seamless Mobile Protection</div> </a> <div class="date">11/21/24 </div> </dd> <dd> <a href="/en-us/blog/four-steps-to-increase-cyber-resilience/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_03_SMB-Big-Protection" alt="Small Business, 
Big Defense: Four Pillars of an Effective Cybersecurity Awareness Program"/> </div> <div class="title">Small Business, Big Defense: Four Pillars of an Effective Cybersecurity Awareness Program</div> </a> <div class="date">10/14/24 </div> </dd> <dd> <a href="/en-us/blog/3-ways-small-businesses-big-strides-cybersecurity/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/1022_08_Small-Business-Rethink-Cybersecurity_Blog_1060x698" alt="3 Ways Small Businesses Can Make Big Strides in Cybersecurity"/> </div> <div class="title">3 Ways Small Businesses Can Make Big Strides in Cybersecurity</div> </a> <div class="date">06/14/24 </div> </dd> <dd> <a href="/en-us/blog/falcon-for-mobile-unlocks-small-business-security-options/"> <div class="image"><img src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/0921_06_Telecomm_LightBasin" alt="CrowdStrike Falcon for Mobile Unlocks New Mobile Security Options for SMBs"/> </div> <div class="title">CrowdStrike Falcon for Mobile Unlocks New Mobile Security Options for SMBs</div> </a> <div class="date">06/12/24 </div> </dd> </dl> </li> </ul> </li> <li class="blog_navigation_right_li_tab"> <a href="https://www.crowdstrike.com/products/trials/try-falcon-prevent" class="blog_navigation_right_li_header userway-s7-active">Start Free Trial</a> </li> </ul> <div id="blogMobileMenuBtn" class="mobile_nav_btn red"><span></span></div> </div> </div> </div> <div class="blog_navigation_mobile"> <div class="container"> <div class="row"> <div class="col-12"> <ul> <li> <a href="/en-us/blog/featured-articles/">Featured</a> </li> <li> <a href="/en-us/blog/recent-articles/">Recent</a> </li> <li> <a href="/en-us/blog/videos/">Video</a> </li> <li> <a href="/en-us/blog/categories-overview/">Category</a> </li> <li> <a href="https://www.crowdstrike.com/products/trials/try-falcon-prevent">Start Free Trial</a> </li> </ul> </div> </div> </div> </div> <div style="display: none;"> </div> </div> </div> </div> </div> </div> 
</div> </div> </div> </div> </div> <div class="cmp-wp-modal modal_insert_location aem-GridColumn aem-GridColumn--default--12"> <div data-id="wistia_player_embed"></div> <div id="subscribe" class="container"> <div class="row"> <div class="col-lg-12"> <div id="modal-inner-mask" class="modal_mask"> <div class="close_button"><i data-id="modal-close" class="fa fa-close"></i></div> <div class="modal-insert-wrapper"> <div id="modal-insert" class="modal_content"> </div> </div> </div> </div> </div> </div> <div style="display: none;"> </div> </div> <div class="container-wp container-wp--centered-blog container-wp--grid container-wp--num-col-2-right-sidebar-blog container-wp--num-col-2-right-sidebar-blog-desktop aem-GridColumn aem-GridColumn--default--12"> <div id="main-container" class="cmp-container-wp" data-cmp-is="responsive-grid-container" data-padding-top="128"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="container-wp container-wp--main-content-blog aem-GridColumn aem-GridColumn--default--12"> <div id="container-08194d06fe" class="cmp-container-wp" data-cmp-is="responsive-grid-container" data-padding-left="16" data-padding-right="16"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="headline aem-GridColumn aem-GridColumn--default--12"> <div class="cmp-wp-headline" id="headline-en-us-04-19-2024"> <h1>Unraveling the Spiderweb: Timelining ATT&amp;CK Artifacts Used by GRIM SPIDER</h1> <div class="publish_info"> <p>May 30, 2019</p> <span>|</span> <a href="/en-us/blog/author.eric-john-and-harlan-carvey/" title="Posts by Eric.John.and.Harlan.Carvey" rel="author"> Eric.John.and.Harlan.Carvey</a> <span>|</span> <a href="/en-us/blog/category.from-the-front-lines/" title="From The Front Lines">From The Front Lines</a> </div> <div class="post_image"> <img width="1060" height="698" src="https://assets.crowdstrike.com/is/image/crowdstrikeinc/SPIDER-timeline-blog-1" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" 
alt="" decoding="async" fetchpriority="high" srcset="/content/dam/crowdstrike/www/en-us/wp/2019/05/SPIDER-timeline-blog-1.png 530w,https://assets.crowdstrike.com/is/image/crowdstrikeinc/SPIDER-timeline-blog-1-300x198 300w" sizes="(max-width: 1060px) 100vw, 1060px"/> </div> </div> <div style="display: none;"> </div> </div> <div class="text text--blog-content aem-GridColumn aem-GridColumn--default--12"> <div class="cmp-text" id="text-8b6642976a" data-cmp-name="cmp-text-" data-cmp-is="text" data-target-location="false"> <span>The tactic of singling out large organizations for high ransom payouts has signaled a shift in the eCrime ecosystem, with a focus on targeted, low-volume, high-return criminal activity. It’s a type of cybercrime operation we refer to as <a href="/en-us/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/">“big game hunting</a>.” CrowdStrike<sup>®</sup> Services has observed that the time from gaining initial access in the victim’s environment to launching ransomware can range from days to months. During this time, there are several opportunities to detect an adversary in the process of learning your network – and potentially stop their attack before it occurs. This blog uses the MITRE ATT&amp;CK™ Framework to map WIZARD SPIDER and GRIM SPIDER tactics, techniques and procedures (TTPs) observed across several CrowdStrike Services engagements, illustrating how an attack unfolds and the different stages involved. 
<h2>Increased Activity Observed</h2> <span style=" font-weight: 400; ">An uptick in activity from </span><a href="/en-us/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/"><span style=" font-weight: 400; ">GRIM SPIDER</span></a><span style=" font-weight: 400; ">, a subgroup of the criminal enterprise CrowdStrike Intelligence tracks as </span><a href="/en-us/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/"><span style=" font-weight: 400; ">WIZARD SPIDER</span></a><span style=" font-weight: 400; ">, has led to the identification of consistent actions employed to carry out their attacks. As part of their initial compromise — usually as a download from a spam email — they gain a foothold with their </span><a href="/en-us/blog/sin-ful-spiders-wizard-spider-and-lunar-spider-sharing-the-same-web/"><span style=" font-weight: 400; ">modular TrickBot malware,</span></a><span style=" font-weight: 400; "> which was developed and is principally operated by WIZARD SPIDER. Once TrickBot is executed, new enumeration modules are downloaded onto the compromised machine to facilitate WIZARD SPIDER’s spread in search of credentials with the aim of gaining access to the domain controller. The criminal actors use RDP to perform <a href="/epp-101/lateral-movement.html">lateral movement</a> and explore the victim environment, with an end result of gaining access to the domain controller. Once this access has been achieved, GRIM SPIDER is able to deploy the Ryuk ransomware to the entire network. 
These observations come from system log data, CrowdStrike Falcon®</span><span style=" font-weight: 400; "> sensor telemetry, and the output of the Falcon Forensic Collector (a customized version of CrowdStrike’s freely distributed community tool, </span><a href="/en-us/resources/community-tools/"><span style=" font-weight: 400; ">CrowdResponse</span></a><span style=" font-weight: 400; ">).</span> <h2>Initial Access and Execution</h2> <span style=" font-weight: 400; ">While the use of malicious attachments in spam emails is the most common initial access vector — determined across multiple CrowdStrike investigations — the available data from these investigations had either been removed or “aged off” the systems (i.e., dispersed due to the passage of time) before CrowdStrike Services could confirm the source. In cases where spam attachments could be verified — once a user has opened the attachment and enabled macro functionality — a PowerShell script downloads either Emotet, Bokbot or TrickBot, with the end payload being TrickBot. Within hours of TrickBot being executed, additional TrickBot modules are installed for network reconnaissance and credential theft. </span> <h2>Persistence</h2> TrickBot is installed as a scheduled task, using names like “WinDotNet,” “GoogleTask,” or “Sysnetsf” to masquerade as legitimate-appearing processes. These tasks point to various copies of TrickBot installed in the system, usually within the user profile under <code>%USER_DIR%\AppData\Roaming\</code> or a subdirectory. The subdirectories also use similarly misleading names like “WinDefrag” or “NetSocket” to appear innocuous. TrickBot may also be installed as a service with names like “ControlServiceA” that points to a copy in the system drive root. 
<span style=" font-weight: 400; ">WIZARD SPIDER uses a module named NewBCtestnDll64 as a reverse SOCKS proxy that allows for the download and installation of the open source </span><a href="https://github.com/EmpireProject/Empire"><span style=" font-weight: 400; ">PowerShell Empire post-exploitation framework</span></a><span style=" font-weight: 400; ">. PowerShell Empire is then installed as one or more Windows services, such as the “Updater” service listed in Table 2. These services launch a Base64-encoded PowerShell script that will fetch the full PowerShell Empire code from a remote IP. Each instance of the Updater service connects to a single IP address, and multiple versions may be added at the same time, pointing to different IPs and requesting a </span><code><span style=" font-weight: 400; ">.php</span></code><span style=" font-weight: 400; "> resource.</span> <h2>Credential Access</h2> The TrickBot module used for credential harvesting is <code>pwgrab64</code>. As with all modules launched by the TrickBot core, <code>pwgrab64</code> is installed into a subfolder, usually named either “modules” or “data,” and modifies the following registry value: <code>Registry Key: </code> <code>HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest</code> <code>Value: <a href="https://p16.praetorian.com/blog/mitigating-mimikatz-wdigest-cleartext-credential-theft">UseLogonCredential</a></code> <code>Data: 1</code> Setting the “UseLogonCredential” value to “1” configures the Windows operating system to store credentials as cleartext in memory, where they can then be retrieved via the use of credential dumping tools. Because this value is not “1” in a default Windows configuration, monitoring for this change gives defenders a detection opportunity. Older versions of the pwgrab module have a limited scope that targets mail clients, web browsers, FileZilla and WinSCP. Newer versions also dump passwords for applications such as PuTTY, VNC and RDP. In the investigations reviewed by CrowdStrike Services, the <code>UseLogonCredential</code> registry value was observed having been set to “1” on systems throughout the infrastructure, often in conjunction with TrickBot’s first deployment to the host. 
<h2>Discovery</h2> The TrickBot modules used for discovery include <code>networkdll</code> and <code>psfin</code>. TrickBot downloads modules for collecting local system information and scouting the network, which are primarily part of the <code>networkdll</code> module. This module has a battery of command line, WMI and LDAP queries to gather information, and then exfiltrates the data to GRIM SPIDER for review. The <code>psfin</code> module has a similar purpose but specifically searches for financial and point-of-sale indicators. <h2>Lateral Movement</h2> Following initial access, GRIM SPIDER focuses on collecting credentials from the compromised hosts and uses existing RDP in an attempt to get a domain administrator account and access to the Windows Domain Controller. This process can take several iterations of harvesting credentials, connecting to new systems and establishing persistence. For the incidents observed, this stage of the attack can last from a few days to a few months. GRIM SPIDER also has been observed selecting a server to be the primary staging point. Subsequently, the adversary copies the Microsoft Sysinternals PSTools archive to this system, and executes <code>PsExec.exe</code>, a utility that allows them to move laterally and execute commands on other Windows systems within the infrastructure. Using this common administrator tool, GRIM SPIDER can traverse the network, remotely installing TrickBot and adding persistence to new targets. TrickBot also has the <code>shareDll</code> module for propagating to other hosts using the current, active user credentials. <h2>Deploying Ransomware</h2> Once GRIM SPIDER has gained access to credentials and a Domain Controller, or other host management server, they stage the <a href="/en-us/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/">Ryuk ransomware</a> on that system and deploy it to targets via PsExec. 
Because the ransomware deployment is the “noisiest” part of the operation, it is usually accomplished as quickly as possible to minimize chances of detection, as all of the necessary preliminary work has already been completed. In observed instances, the deployment and execution of Ryuk occurred in one session, typically lasting 3 to 8 hours. <h2>Summary</h2> Putting the pieces together gives a view into WIZARD SPIDER’s and GRIM SPIDER’s methodology, but it also provides some useful detection points: by setting up monitoring and configurations around them, defenders can get advance notice and thwart the goals of these eCrime actors. With this knowledge, we aim to equip you to stop the WIZARD SPIDER and GRIM SPIDER threat actors well before they have an opportunity to encrypt your data or cause serious harm to your business. <h2>Additional Resources</h2> Table 1 below contains a mapping of WIZARD SPIDER and GRIM SPIDER tactics to the MITRE ATT&amp;CK™ Framework. <table class="orange"><tbody><tr class="top-row bg-orange"><td>Tactic</td><td>Technique</td><td>Observable</td></tr><tr><td>Initial Access</td><td>Spear-Phishing Attachment</td><td>Not observed, due to time frame and data decay</td></tr><tr><td>Execution</td><td>Command Line Interface, PowerShell, Scheduled Task, Service Execution, Windows Remote Management</td><td>Execution of TrickBot via PsExec or PSEXESVC and scheduled tasks. Services and PowerShell used for PowerShell Empire</td></tr><tr><td>Persistence</td><td>New Service, Scheduled Task, Valid Accounts</td><td>PowerShell Empire service, TrickBot Scheduled Task, recording passwords of valid users for remote authentication</td></tr><tr><td>Privilege Escalation</td><td>Valid Accounts</td><td>TrickBot pwgrab modules to get privileged accounts</td></tr><tr><td>Defense Evasion</td><td>Obfuscated Files or Information, File Deletion</td><td>PowerShell Empire service is Base64-encoded, services and files are generated with innocuous names. 
Some modules and configurations are removed after use.</td></tr><tr><td>Credential Access</td><td>Credential Dumping</td><td>Indications of TrickBot pwgrab64 module having been executed</td></tr><tr><td>Discovery</td><td>Remote System Discovery</td><td>Use of TrickBot modules for network discovery</td></tr><tr><td>Lateral Movement</td><td>Windows Admin Shares, Remote File Copy and Remote Desktop Protocol (RDP)</td><td>Use of PsExec to deploy TrickBot/PowerShell Empire, copy credentials, other information from compromised infrastructure, RDP for exploring, copy tools to compromised infrastructure</td></tr><tr><td>Collection</td><td>Data Staged</td><td>Credential/network enumeration information</td></tr><tr><td>Exfiltration</td><td>Exfiltration via Command and Control Channel</td><td>Domain credentials and network enumeration information are sent back to GRIM SPIDER via HTTP</td></tr><tr><td>Command and Control</td><td>Custom Command and Control Protocol</td><td>PowerShell Empire, TrickBot modules communicate over HTTP</td></tr><tr><td>Impact</td><td>Data Encrypted for Impact</td><td>Ryuk ransomware</td></tr></tbody></table> <p>Table 1: MITRE ATT&amp;CK Mapping</p> Indicators of compromise (IOCs) associated with WIZARD SPIDER investigations are available in Table 2. 
<table class="orange"><tbody><tr class="top-row bg-orange"><td>Indicator</td><td>Purpose</td></tr><tr><td>UseLogonCredential &#61; 1</td><td>Registry value set for storing passwords (plaintext) in memory, used to harvest credentials</td></tr><tr><td>“Updater”, “Technoservice”</td><td>Service file name contains encoded PowerShell commands, service pointing to TrickBot</td></tr><tr><td>%COMSPEC% /C start /b C:\Windows\System32\WindowsPowershell\v1.0\powershell -noP -sta -w 1 -enc <em>&lt;BASE64&gt;</em></td><td>Service File Name content for PowerShell Empire loader</td></tr><tr><td>C:\Windows\tetup.exe , C:\mswvc.exe</td><td>Trickbot binary paths in C:\ or C:\Windows\, observed as a 5-character alphabetical name, or a long alphanumeric string with underscores</td></tr><tr><td>C:\Users\Default\AppData\Roaming\mssert\mtwvc.exe</td><td>Trickbot binary paths in home directories, observed as a 5-character alphabetical name under an alphabetical folder in AppData\Roaming\ , or a long alphanumeric string with underscores</td></tr></tbody></table> Table 2: IOCs Associated with GRIM SPIDER <h4>Learn More</h4> <ul><li><em>Learn how CrowdStrike can help your organization answer its most important security questions: <a href="/en-us/services/">Visit the CrowdStrike Services web page</a>.</em></li><li><em>Download the <a href="/resources/reports/2020-crowdstrike-global-threat-report.html">2020 CrowdStrike Global Threat Report.</a></em></li><li><em>Download the <a href="/content/crowdstrike-www/locale-sites/us/en-us/resources/reports/cyber-intrusion-services-casebook-2018/?ctm_source&#61;Digital&amp;ctm_medium&#61;blog&amp;ctm_campaign&#61;WC_Casebook2018_Report">2018 CrowdStrike Services Cyber Intrusion Casebook</a> and read up on real-world IR investigations, with details on attacks and preventative recommendations.</em></li><li><em>Learn more about CrowdStrike’s next-gen endpoint protection by visiting <a href="/en-us/endpoint-security-products/falcon-platform/">the Falcon 
platform product page.</a></em></li><li><em>Test CrowdStrike next-gen AV for yourself: <a href="https://go.crowdstrike.com/try-falcon-prevent.html">Start your free trial of Falcon Prevent™</a> today.</em></li></ul></span> </div> </div> <div class="image aem-GridColumn aem-GridColumn--default--12"> <div data-cmp-is="image" data-asset-id="c5874f54-1fc1-41e2-aa01-34322cf2a025" data-title="background pattern" id="image-en-us-08-19-2024" data-cmp-hook-image="imageV3" class="cmp-image" itemscope itemtype="http://schema.org/ImageObject" 
data-target-location="false"> <a class="cmp-image__link" href="https://www.crowdstrike.com/products/trials/try-falcon-prevent" title="background pattern" data-title="background pattern" target="_self"> <img src="/content/experience-fragments/crowdstrike-www/locale-sites/us/en-us/site/blogs/right-rail/right-rail/master/_jcr_content/root/responsivegrid/image.coreimg.jpeg/1725276622301/cs-free-trial-blog-300x600-final.jpeg" class="cmp-image__image" itemprop="contentUrl" alt="background pattern"/> <svg class="cmp-image__play-icon__image-alt"> <use href="#play-alt" xmlns:xlink="https://www.w3.org/1999/xlink" xlink:href="#play-alt"></use> </svg> </a> </div> <div style="display: none;"> </div> </div> <div class="featuredarticlessidebar aem-GridColumn aem-GridColumn--default--12"> <div class="cmp-wp-logo" id="featurearticlessidebar-en-us-08-19-2024" data-target-location="false"> <div id="side-bar-featured-articles"> <div class="featured_articles_sidebar"> <h6 data-uw-rm-heading="level" role="heading" aria-level="5">FEATURED ARTICLES</h6> <a class="post" href="/en-us/blog/authorities-indict-indrik-spider-members-detail-ties-bitwise-spider-russian-state/" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="/content/crowdstrike-www/locale-sites/us/en-us/blog/authorities-indict-indrik-spider-members-detail-ties-bitwise-spider-russian-state.html"> <div class="title"></div> <div class="date">October 01, 2024</div> </a> <a class="post" href="/en-us/blog/crowdstrike-named-leader-2024-gartner-magic-quadrant-endpoint-protection/" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-named-leader-2024-gartner-magic-quadrant-endpoint-protection.html"> <div class="title">CrowdStrike Named a Leader in 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms</div> <div class="date">September 25, 2024</div> </a> <a class="post" 
href="/en-us/blog/george-kurtz-resilient-by-design-fal-con-2024/" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="/content/crowdstrike-www/locale-sites/us/en-us/blog/george-kurtz-resilient-by-design-fal-con-2024.html"> <div class="title">Recognizing the Resilience of the CrowdStrike Community</div> <div class="date">September 25, 2024</div> </a> <a class="post" href="/en-us/blog/driving-cybersecurity-forward-new-innovations-fal-con-2024/" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="/content/crowdstrike-www/locale-sites/us/en-us/blog/driving-cybersecurity-forward-new-innovations-fal-con-2024.html"> <div class="title">CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection</div> <div class="date">September 18, 2024</div> </a> </div> </div> </div> <div style="display: none;"> </div> </div> <div class="teaser aem-GridColumn aem-GridColumn--default--12"> <div id="blogSubscribe teaser-en-us-subscribe-08-19-2024"> <div class="subscribe_cta"> <h6>SUBSCRIBE</h6> <p><p>Sign up now to receive the latest notifications and updates from CrowdStrike.</p> </p> <button class="button white-text white-outline white-text-hover dark-red-background-hover dark-red-outline-hover" data-behavior-modal data-modal-link="modal:subscribe">Sign Up</button> </div> </div> <div style="display: none;"> </div> <div style="display: none;"> </div> </div> <div class="teaser aem-GridColumn aem-GridColumn--default--12"> <div class="cmp-wp-falcon-banner-sidebar" id="teaser-en-us-see-crowdstrike-falcon®-i-10-01-2024"> <div class="demo_cta"> <div class="cmp-teaser__image"> <div data-cmp-is="image" data-asset-id="bd2863f7-8f64-4b7b-81f2-ff026eb13d91" data-title="red-falcon" id="image-en-us-10-01-2024" data-cmp-hook-image="imageV3" class="cmp-image" itemscope itemtype="http://schema.org/ImageObject" data-target-location="false"> <img 
src="/content/experience-fragments/crowdstrike-www/locale-sites/us/en-us/site/blogs/right-rail/right-rail/master/_jcr_content/root/responsivegrid/teaser_893945246.coreimg.svg/1727796180789/red-falcon.svg" class="cmp-image__image" itemprop="contentUrl" alt="Created with Sketch." title="red-falcon"/> <svg class="cmp-image__play-icon__image-alt"> <use href="#play-alt" xmlns:xlink="https://www.w3.org/1999/xlink" xlink:href="#play-alt"></use> </svg> <meta itemprop="caption" content="red-falcon"/> </div> <div style="display: none;"> </div> </div> <h6>See CrowdStrike Falcon<sup>®</sup> in Action</h6> <p><p>Detect, prevent, and respond to attacks— even malware-free intrusions—at any stage, with next-generation endpoint protection.</p> </p> <a class=" button white-text red-background red-outline white-text-hover dark-red-background-hover dark-red-outline-hover" href="https://www.crowdstrike.com/products/demos/" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="https://www.crowdstrike.com/products/demos/">See Demo</a> </div> </div> <div style="display: none;"> </div> <div style="display: none;"> </div> </div> </div> </div> </div> </div> <div class="responsivegrid aem-GridColumn aem-GridColumn--default--12"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> </div> </div> <div class="previousnext container-wp--prev-next aem-GridColumn aem-GridColumn--default--12"> <div class="cmp-wp-previous-next" id="previousnext-en-us-05-08-2024" data-target-location="false"> <div class="post_nav row"> <div class="col-12"> <div class="links"> <span class="fa fa-angle-double-left"></span> <a href="/en-us/blog/make-ugly-babies-cute-again-an-ma-crisis-aversion-story/" rel="prev" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="/content/crowdstrike-www/locale-sites/us/en-us/blog/make-ugly-babies-cute-again-an-ma-crisis-aversion-story.html"> Make Ugly Babies Cute Again: An M&amp;A Crisis Aversion Story </a> </div> <div 
class="links"> <a href="/en-us/blog/5-tips-for-building-cooperation-between-it-cybersecurity-and-operational-technology-teams/" rel="next" data-link-tracked="true" data-uw-rm-brl="PR" data-uw-original-href="/content/crowdstrike-www/locale-sites/us/en-us/blog/5-tips-for-building-cooperation-between-it-cybersecurity-and-operational-technology-teams.html"> 5 Tips for a Happy Marriage Between IT Cybersecurity and Operational Technology Teams </a> <span class="fa fa-angle-double-right"></span> </div> </div> </div> </div> <div style="display: none;"> </div> </div> </div> </div> </div> <div class="experiencefragment aem-GridColumn aem-GridColumn--default--12"> <div id="experiencefragment-c93ecf49fe" class="cmp-experiencefragment cmp-experiencefragment--footer" data-target-location="false"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="responsivegrid aem-GridColumn aem-GridColumn--default--12"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="footer list aem-GridColumn aem-GridColumn--default--12"><div class="container"> <div class="row"> <div class="col-md-12 top"> <span class="footer-logo"> <a class="cmp-wp-logo crowdstrike_logo" data-target-location="false"> <i class="cs-icon-cs-logo"></i> </a> <div style="display: none;"> </div> </span> <div class="cmp-social-links" id="sociallinks-en-us-05-16-2024" data-target-location="false"> <ul class="row social-links"> <li class="circle-icon-outline"> <a href="https://twitter.com/CrowdStrike" target="_blank" data-link-tracked="true" aria-label="twitter - open in a new tab" data-uw-rm-empty-ctrl="" data-uw-rm-brl="PR" data-uw-original-href="https://twitter.com/CrowdStrike" data-uw-rm-ext-link="" uw-rm-external-link-id="https://twitter.com/CrowdStrike$twitter"> <i class="fa-brands fa-x-twitter"></i> </a> </li> <li class="circle-icon-outline"> <a href="https://www.facebook.com/CrowdStrike/" target="_blank" data-link-tracked="true" aria-label="facebook - open in a new tab" 
data-uw-rm-empty-ctrl="" data-uw-rm-brl="PR" data-uw-original-href="https://www.facebook.com/CrowdStrike/" data-uw-rm-ext-link="" uw-rm-external-link-id="https://www.facebook.com/CrowdStrike//$facebook"> <i class="fa-brands fa-facebook"></i> </a> </li> <li class="circle-icon-outline"> <a href="https://www.linkedin.com/company/crowdstrike" target="_blank" data-link-tracked="true" aria-label="linkedin - open in a new tab" data-uw-rm-empty-ctrl="" data-uw-rm-ext-link="" uw-rm-external-link-id="https://www.linkedin.com/company/crowdstrike$linkedin"> <i class="fa-brands fa-linkedin"></i> </a> </li> <li class="circle-icon-outline"> <a href="http://www.youtube.com/user/CrowdStrike" target="_blank" data-link-tracked="true" aria-label="youtube - open in a new tab" data-uw-rm-empty-ctrl="" data-uw-rm-ext-link="" uw-rm-external-link-id="http://www.youtube.com/user/CrowdStrike$youtube"> <i class="fa-brands fa-youtube"></i> </a> </li> </ul> </div> <div style="display: none;"> </div> </div> <div class="col-md-12 bottom"> <ul class="row footer-lower-links" id="list-en-us-05-16-2024"> <li> <span>Copyright © 2024 CrowdStrike</span> </li> <li> <a href="https://www.crowdstrike.com/privacy-notice/"> <span> Privacy</span> </a> </li> <li> <a href="https://www.crowdstrike.com/services/request-information/"> <span> Request Info</span> </a> </li> <li> <a href="https://www.crowdstrike.com/blog/"> <span> Blog</span> </a> </li> <li> <a href="https://www.crowdstrike.com/contact-us/"> <span> Contact Us</span> </a> </li> <li> <span> 1.888.512.8906</span> </li> <li> <a href="https://www.crowdstrike.com/blog/#"> <span> Accessibility</span> </a> </li> </ul> </div> </div> </div> <div style="display: none;"> </div> </div> </div> </div> </div> </div> </div> </div> </div> <script src="/etc.clientlibs/crowdstrike/clientlibs/crowdstrike-common.lc-be563f3988fa40c7cde2381273c77845-lc.min.js"></script> <script 
src="/etc.clientlibs/crowdstrike/clientlibs/crowdstrike-wp.lc-a068c6de2785d4a0881069bd726f4dbc-lc.min.js"></script> <script src="/etc.clientlibs/crowdstrike/clientlibs/crowdstrike-addsearch.lc-44aae0e72799060f62e36b1a27882f08-lc.min.js"></script> <script src="/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.lc-0a6aff292f5cc42142779cde92054524-lc.min.js"></script> <script src="/etc.clientlibs/crowdstrike/clientlibs/crowdstrike-base.lc-98b44ec74775c5bc76b0744df1c9b66c-lc.min.js"></script> <script src="/etc.clientlibs/crowdstrike/clientlibs/crowdstrike-lottie.lc-49e94cb6c05cd98513468744a85638cb-lc.min.js"></script> <div class="cloudservice includedatalayer"> <script> if(!window.digitalData || Object.keys(window.digitalData).length === 0 ) { window.digitalData = { "component" : [ { "facebookUrl" : "https://www.facebook.com/CrowdStrike", "linkedInUrl" : "https://www.linkedin.com/company/crowdstrike", "youtubeUrl" : "https://www.youtube.com/user/CrowdStrike", "twitterUrl" : "https://www.twitter.com/CrowdStrike", "componentInfo" : { } }, { "componentInfo" : { }, "id" : "logo-en-us-10-03-2024", "title" : "BLOG", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog" }, { "recentLabel" : "Recent", "videoLabel" : "Video", "featuredPagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/featured-articles.html", "categoryParentPath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/categories-overview.html", "categoryLabel" : "Category", "recentPagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/recent-articles.html", "freeTrialLabel" : "Start Free Trial", "children" : [ { "pageTitle" : "Video Highlights the 4 Key Steps to Successful Incident Response", "publishDate" : "Dec 02, 2019", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/IR-Video-Blog-1", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/video-highlights-the-4-key-steps-to-successful-incident-response.html" }, { "pageTitle" : 
"Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO]", "publishDate" : "Feb 21, 2019", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/video-ATTCK2-1", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/helping-non-security-stakeholders-understand-attck-in-10-minutes-or-less.html" }, { "pageTitle" : "Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO]", "publishDate" : "Aug 20, 2018", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/Edward-Gonam-Qatar-Blog2-1", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/qatars-commercial-bank-chooses-crowdstrike-falcon-a-partnership-based-on-trust.html" }, { "pageTitle" : "Endpoint Protection and Threat Intelligence: The Way Forward [VIDEO]", "publishDate" : "Aug 05, 2018", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/GK-Blog_Images-1", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/how-crowdstrike-integrates-threat-intelligence-with-endpoint-protection.html" }, { "children" : "[{\"pageTitle\":\"Shift Left, Measure Right: Assessing the Efficacy of Application Security in the Age of CI/CD\",\"publishDate\":\"11/21/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-14\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/shift-left-measure-right-assessing-efficacy-application-security-ci-cd.html\"},{\"pageTitle\":\"CrowdStrike Falcon Platform Supports Google Cloud\\u0027s ARM-Based Axion CPUs\",\"publishDate\":\"10/30/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-2-1-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/falcon-platform-supports-google-cloud-arm-based-axion-cpus.html\"},{\"pageTitle\":\"CrowdStrike Research Challenges Containerized Application Predictability 
Assumptions\",\"publishDate\":\"10/29/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0123_06_Linux-Container-Escapes_Blog_1060x698-1024x674\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/new-crowdstrike-research-challenges-containerized-workload-predictability-assumption.html\"},{\"pageTitle\":\"CrowdStrike Empowers DevSecOps Teams to Strengthen and Streamline Cloud Security\",\"publishDate\":\"10/02/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-14\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/strengthen-and-streamline-devops.html\"}]", "title" : "Cloud & Application Security", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.cloud-security.html" }, { "children" : "[{\"pageTitle\":\"Unveiling LIMINAL PANDA: A Closer Look at China\\u0027s Cyber Threats to the Telecom Sector \",\"publishDate\":\"11/19/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog-1124_01_LIMINAL-PANDA_Blog_1060x698\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/liminal-panda-telecom-sector-threats.html\"},{\"pageTitle\":\"U.S. 
Department of Justice Indicts Hacktivist Group Anonymous Sudan for Prominent DDoS Attacks in 2023 and 2024\",\"publishDate\":\"10/16/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_04_US-Indicts-Hacktivist-Group\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/anonymous-sudan-hacktivist-group-ddos-indictment.html\"},{\"pageTitle\":\"International Authorities Indict, Sanction Additional INDRIK SPIDER Members and Detail Ties to BITWISE SPIDER and Russian State Activity\",\"publishDate\":\"10/01/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0924_05_Indrik-Spider-Indictment\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/authorities-indict-indrik-spider-members-detail-ties-bitwise-spider-russian-state.html\"},{\"pageTitle\":\"How CrowdStrike Hunts, Identifies and Defeats Cloud-Focused Threats\",\"publishDate\":\"09/26/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0824_03_THR-Cloud-Threats\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/how-crowdstrike-hunts-identifies-and-defeats-cloud-threats.html\"}]", "title" : "Counter Adversary Operations", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.counter-adversary-operations.html" }, { "children" : "[{\"pageTitle\":\"CrowdStrike Partners with MITRE Center for Threat-Informed Defense to Launch Secure AI Project\",\"publishDate\":\"11/22/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-7\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/mitre-center-for-threat-informed-defense-secure-ai-project-partnership.html\"},{\"pageTitle\":\"Gulf Bank Swaps Four Security Products for the CrowdStrike Falcon Platform, Saving Time and 
Money\",\"publishDate\":\"11/22/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog-1124_02_Gulf-Bank_Consolidating-with-CS\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/gulf-bank-saves-with-crowdstrike.html\"},{\"pageTitle\":\"CrowdStrike Receives High Scores in 2024 Gartner® Critical Capabilities for Endpoint Protection Platforms Report\",\"publishDate\":\"10/31/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0222_03_Falcon_Platform_Blog_1060x698-1024x674\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-top-scores-2024-gartner-critical-capabilities-endpoint-protection-platforms-report.html\"},{\"pageTitle\":\"CrowdStrike + Fortinet: Unifying AI-Native Endpoint and Next-Gen Firewall Protection\",\"publishDate\":\"10/22/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/CS-Fortinet_Blog\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-fortinet-partnership-unifies-endpoint-firewall-protection.html\"}]", "title" : "Endpoint Security & XDR", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.endpoint-protection.html" }, { "children" : "[{\"pageTitle\":\"Tech Analysis: Channel File May Contain Null Bytes\",\"publishDate\":\"07/24/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/ResourceCards-04\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/tech-analysis-channel-file-may-contain-null-bytes.html\"},{\"pageTitle\":\"EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis\",\"publishDate\":\"06/06/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Falcon-Script-Control-Blog-1-1024x674\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/embersim-large-databank-for-similarity-research-in-cybersecurity.html\"},{\"pageTitle\":\"CrowdStrike Falcon Next-Gen SIEM Unveils 
Advanced Detection of Ransomware Targeting VMware ESXi Environments\",\"publishDate\":\"04/15/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/XXXX_Falcon-LogScale-So-Fast_Blog_1060x698\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/esxi-ransomware-detection-falcon-next-gen-siem.html\"},{\"pageTitle\":\"CrowdStrike’s Advanced Memory Scanning Stops Threat Actor Using BRc4 at Telecommunications Customer\",\"publishDate\":\"09/27/23\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0123_11_DLL-Sideloading_Advanced-Memory-Scanning_Blog_1060x698\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrikes-advanced-memory-scanning-stops-threat-actor.html\"}]", "title" : "Engineering & Tech", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.engineering-and-technology.html" }, { "children" : "[{\"pageTitle\":\"CrowdStrike Launches AI Red Team Services to Secure AI Innovation\",\"publishDate\":\"11/07/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog-AI-Red-Team\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-launches-ai-red-team-services.html\"},{\"pageTitle\":\"CrowdStrike to Acquire Adaptive Shield to Deliver Integrated SaaS Security Posture Management\",\"publishDate\":\"11/06/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/alpine-blog-social\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-acquires-adaptive-shield-and-integrates-saas-protection.html\"},{\"pageTitle\":\"Fal.Con Europe: Bringing the Power of the Crowd to Amsterdam\",\"publishDate\":\"10/14/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_02_Fal.Con-Europe_01\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/fal-con-europe-2024.html\"},{\"pageTitle\":\"Recognizing the Resilience of the CrowdStrike 
Community\",\"publishDate\":\"09/25/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0924_04_Post-Fal.Con_Resilient-by-Design_03B\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/george-kurtz-resilient-by-design-fal-con-2024.html\"}]", "title" : "Executive Viewpoint", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.executive-viewpoint.html" }, { "children" : "[{\"pageTitle\":\"CrowdStrike Named a Leader with “Bold Vision” in 2024 Forrester Wave for Cybersecurity Incident Response Services\",\"publishDate\":\"06/10/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/xdr-wave-blog-image-1068x698-headline-3-1024x669\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-named-leader-for-cybersecurity-incident-response-services-q2-2024.html\"},{\"pageTitle\":\"How to Defend Employees and Data as Social Engineering Evolves\",\"publishDate\":\"03/22/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_0520_08-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/how-to-defend-employees-data-as-social-engineering-evolves.html\"},{\"pageTitle\":\"The Anatomy of an ALPHA SPIDER Ransomware Attack\",\"publishDate\":\"02/29/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/SPIDER-adversary-blog-main-image\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/anatomy-of-alpha-spider-ransomware.html\"},{\"pageTitle\":\"CrowdStrike Services Offers Incident Response Executive Preparation Checklist\",\"publishDate\":\"10/23/23\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0122_03_IR_Tracker_for_DFIR_Community\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-incident-response-executive-prep-checklist.html\"}]", "title" : "From The Front Lines", "categoryLink" : 
"/content/crowdstrike-www/locale-sites/us/en-us/blog/category.from-the-front-lines.html" }, { "children" : "[{\"pageTitle\":\"Pegasystems Consolidates Endpoint, Identity and Cloud Security with CrowdStrike\",\"publishDate\":\"11/13/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-1-768x506\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/pegasystems-consolidates-endpoint-identity-cloud-security.html\"},{\"pageTitle\":\"Protect Your Weakest Link: New Account Linking Capabilities Use AI to Thwart Identity-Based Attacks \",\"publishDate\":\"10/24/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/1024_05_New-Account-Linking_AI-Stops-ID-Attacks_Blog\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/new-account-linking-capabilities-crowdstrike-falcon-identity-protection.html\"},{\"pageTitle\":\"CrowdStrike Announces Falcon Identity Protection Innovations for Entra ID and Privileged Access\",\"publishDate\":\"09/17/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0824_02_Fal.Con-Preview_ID\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-unveils-falcon-identity-protection-innovations-fal-con-2024.html\"},{\"pageTitle\":\"Elevating Identity Security at Fal.Con 2024\",\"publishDate\":\"09/11/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0824_02_Fal.Con-Preview_ID-1024x674\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/elevating-identity-security-fal-con-2024.html\"}]", "title" : "Identity Protection", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.identity-protection.html" }, { "children" : "[{\"pageTitle\":\"CrowdStrike and Cribl Expand Partnership with CrowdStream for Next-Gen 
SIEM\",\"publishDate\":\"11/21/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0324_02_Next-Gen_SIEM\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/cribl-partnership-crowdstream-expansion.html\"},{\"pageTitle\":\"Falcon Foundry: Build Custom Apps to Solve Tough Security Challenges\",\"publishDate\":\"10/22/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/building-custom-apps-with-crowdstrike-falcon-foundry.html\"},{\"pageTitle\":\"Top FAQs about CrowdStrike Falcon Next-Gen SIEM\",\"publishDate\":\"10/21/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/1222_08_10-Questions_Choosing-LogMgmt-Solution_Blog_1060x698-1024x674\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/falcon-next-gen-siem-top-faqs.html\"},{\"pageTitle\":\"Bolster Microsoft Entra ID Protection with Falcon Identity Protection and Falcon Next-Gen SIEM\",\"publishDate\":\"10/15/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/1023_03_Compromising-Identity-Provider-Federation-1024x674\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/entra-id-protection-with-falcon-idp-and-next-gen-siem.html\"}]", "title" : "Next-Gen SIEM & Log Management", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.observability-and-log-management.html" }, { "children" : "[{\"pageTitle\":\"CrowdStrike Statement on Bloomberg’s October 25, 2024 Story\",\"publishDate\":\"10/25/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Falcon-on-white\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-statement-bloomberg.html\"},{\"pageTitle\":\"Achieving Ecosystem-level Cybersecurity: A U.S. 
Policy Perspective\",\"publishDate\":\"06/11/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0522_11_Falcon_ID-Threat-Protection_Fed-State-Local_Blog_1060x698\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/next-steps-for-ecosystem-level-cybersecurity.html\"},{\"pageTitle\":\"CrowdStrike Launches SEC Readiness Services to Prepare Boardrooms for New Regulations\",\"publishDate\":\"03/14/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-21-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/sec_readiness.html\"},{\"pageTitle\":\"After Years of Success, State of Wyoming Looks to Expand CrowdStrike Protections Statewide\",\"publishDate\":\"02/28/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Identity-protection-for-government-blog-main-image\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/state-of-wyoming-looks-to-expand-crowdstrike-protections.html\"}]", "title" : "Public Sector", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.public-sector.html" }, { "children" : "[{\"pageTitle\":\"November 2024 Patch Tuesday: Four Critical and Three Zero-Days Among 158 Vulnerabilities Patched\",\"publishDate\":\"11/12/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/patch-tuesday-blog-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/patch-tuesday-analysis-november-2024.html\"},{\"pageTitle\":\"October 2024 Patch Tuesday: Two Zero-Days and Three Critical Vulnerabilities Amid 118 CVEs\",\"publishDate\":\"10/08/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/patch-tuesday-blog-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/patch-tuesday-analysis-october-2024.html\"},{\"pageTitle\":\"CrowdStrike Named a Leader in the 2024 Forrester Wave™: Attack Surface Management 
Solutions\",\"publishDate\":\"10/03/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/24-OTH-184_Forrester ASM Wave BLOG v2 1060x698\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-named-leader-forrester-wave-attack-surface-management-2024.html\"},{\"pageTitle\":\"September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs\",\"publishDate\":\"09/09/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/patch-tuesday-blog-1\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/patch-tuesday-analysis-september-2024.html\"}]", "title" : "Exposure Management", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.exposure-management.html" }, { "children" : "[{\"pageTitle\":\"CrowdStrike Strengthens SMB Security with Seamless Mobile Protection\",\"publishDate\":\"11/21/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_03_SMB-Big-Protection\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/smb-security-seamless-mobile-protection.html\"},{\"pageTitle\":\"Small Business, Big Defense: Four Pillars of an Effective Cybersecurity Awareness Program\",\"publishDate\":\"10/14/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_03_SMB-Big-Protection\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/four-steps-to-increase-cyber-resilience.html\"},{\"pageTitle\":\"3 Ways Small Businesses Can Make Big Strides in Cybersecurity\",\"publishDate\":\"06/14/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/1022_08_Small-Business-Rethink-Cybersecurity_Blog_1060x698\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/3-ways-small-businesses-big-strides-cybersecurity.html\"},{\"pageTitle\":\"CrowdStrike Falcon for Mobile Unlocks New Mobile Security Options for 
SMBs\",\"publishDate\":\"06/12/24\",\"pageThumbnail\":\"https://assets.crowdstrike.com/is/image/crowdstrikeinc/0921_06_Telecomm_LightBasin\",\"url\":\"/content/crowdstrike-www/locale-sites/us/en-us/blog/falcon-for-mobile-unlocks-small-business-security-options.html\"}]", "title" : "Small Business", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.small-business.html" }, { "pageTitle" : "CrowdStrike Partners with MITRE Center for Threat-Informed Defense to Launch Secure AI Project", "publishDate" : "Nov 22, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-7", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/mitre-center-for-threat-informed-defense-secure-ai-project-partnership.html" }, { "pageTitle" : "Gulf Bank Swaps Four Security Products for the CrowdStrike Falcon Platform, Saving Time and Money", "publishDate" : "Nov 22, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog-1124_02_Gulf-Bank_Consolidating-with-CS", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/gulf-bank-saves-with-crowdstrike.html" }, { "pageTitle" : "CrowdStrike Strengthens SMB Security with Seamless Mobile Protection", "publishDate" : "Nov 21, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_03_SMB-Big-Protection", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/smb-security-seamless-mobile-protection.html" }, { "pageTitle" : "CrowdStrike and Cribl Expand Partnership with CrowdStream for Next-Gen SIEM", "publishDate" : "Nov 21, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/0324_02_Next-Gen_SIEM", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/cribl-partnership-crowdstream-expansion.html" }, { "pageTitle" : "CrowdStrike Partners with MITRE Center for Threat-Informed Defense to Launch Secure AI Project", "publishDate" : "Nov 22, 2024", "pageThumbnail" : 
"https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_1060x698-7", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/mitre-center-for-threat-informed-defense-secure-ai-project-partnership.html" }, { "pageTitle" : "Gulf Bank Swaps Four Security Products for the CrowdStrike Falcon Platform, Saving Time and Money", "publishDate" : "Nov 22, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog-1124_02_Gulf-Bank_Consolidating-with-CS", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/gulf-bank-saves-with-crowdstrike.html" }, { "pageTitle" : "CrowdStrike Strengthens SMB Security with Seamless Mobile Protection", "publishDate" : "Nov 21, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/blog-1024_03_SMB-Big-Protection", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/smb-security-seamless-mobile-protection.html" }, { "pageTitle" : "CrowdStrike and Cribl Expand Partnership with CrowdStream for Next-Gen SIEM", "publishDate" : "Nov 21, 2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/0324_02_Next-Gen_SIEM", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/cribl-partnership-crowdstream-expansion.html" } ], "componentInfo" : { }, "id" : "navigation-en-us-10-03-2024", "featuredLabel" : "Featured", "videoPagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/videos.html", "freeTrialPagePath" : "https://www.crowdstrike.com/products/trials/try-falcon-prevent" }, { "pageTitle" : "Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER", "author" : "Eric.John.and.Harlan.Carvey", "publishDate" : "May 30, 2019", "componentInfo" : { }, "authorLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/author.eric-john-and-harlan-carvey.html", "id" : "headline-en-us-04-19-2024", "categories" : "From The Front Lines", "categoryLink" : 
"/content/crowdstrike-www/locale-sites/us/en-us/blog/category.from-the-front-lines.html", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/SPIDER-timeline-blog-1" }, { "linkedInUrl" : "https://www.linkedin.com/shareArticle", "twitterUrl" : "https://twitter.com/share", "twitterShareUrl" : "https://twitter.com/share?text=Unraveling+the+Spiderweb:+Timelining+ATT&CK+Artifacts+Used+by+GRIM+SPIDER&url=https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/", "componentInfo" : { }, "rssFeedUrl" : "/en-us/blog/feed", "id" : "sociallinks-en-us-05-08-2024", "linkedInShareUrl" : "https://www.linkedin.com/shareArticle?mini=true&url=https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/&title=Unraveling+the+Spiderweb:+Timelining+ATT&CK+Artifacts+Used+by+GRIM+SPIDER" }, { "relatedContentLabel" : "Related Content", "children" : [ { "pageTitle" : "CrowdStrike Named a Leader with “Bold Vision” in 2024 Forrester Wave for Cybersecurity Incident Response Services", "id" : "relatedcontent-en-us-05-08-2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/xdr-wave-blog-image-1068x698-headline-3-1024x669", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-named-leader-for-cybersecurity-incident-response-services-q2-2024.html" }, { "pageTitle" : "How to Defend Employees and Data as Social Engineering Evolves", "id" : "relatedcontent-en-us-05-08-2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/Blog_0520_08-1", "url" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/how-to-defend-employees-data-as-social-engineering-evolves.html" }, { "pageTitle" : "The Anatomy of an ALPHA SPIDER Ransomware Attack", "id" : "relatedcontent-en-us-05-08-2024", "pageThumbnail" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/SPIDER-adversary-blog-main-image", "url" : 
"/content/crowdstrike-www/locale-sites/us/en-us/blog/anatomy-of-alpha-spider-ransomware.html" } ], "componentInfo" : { }, "id" : "relatedcontent-en-us-05-08-2024" }, { "children" : [ { "count" : "105", "title" : "Cloud & Application Security", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.cloud-security.html" }, { "count" : "185", "title" : "Counter Adversary Operations", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.counter-adversary-operations.html" }, { "count" : "309", "title" : "Endpoint Security & XDR", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.endpoint-protection.html" }, { "count" : "78", "title" : "Engineering & Tech", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.engineering-and-technology.html" }, { "count" : "164", "title" : "Executive Viewpoint", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.executive-viewpoint.html" }, { "count" : "85", "title" : "Exposure Management", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.exposure-management.html" }, { "count" : "190", "title" : "From The Front Lines", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.from-the-front-lines.html" }, { "count" : "38", "title" : "Identity Protection", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.identity-protection.html" }, { "count" : "92", "title" : "Next-Gen SIEM & Log Management", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.observability-and-log-management.html" }, { "count" : "37", "title" : "Public Sector", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.public-sector.html" }, { "count" : "9", "title" : "Small Business", "categoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.small-business.html" } ], "categoryLabel" : 
"Categories", "componentInfo" : { }, "id" : "categories-en-us-08-19-2024" }, { "facebookUrl" : "https://www.facebook.com/CrowdStrike/", "linkedInUrl" : "https://www.linkedin.com/company/crowdstrike", "youtubeUrl" : "http://www.youtube.com/user/CrowdStrike", "twitterUrl" : "https://twitter.com/CrowdStrike", "twitterShareUrl" : "https://twitter.com/CrowdStrike?text=Unraveling+the+Spiderweb:+Timelining+ATT&CK+Artifacts+Used+by+GRIM+SPIDER&url=https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/", "componentInfo" : { }, "rssFeedUrl" : "/en-us/blog/feed", "instagramUrl" : "https://www.instagram.com/crowdstrike/?hl=en", "id" : "sociallinks-en-us-08-19-2024", "linkedInShareUrl" : "https://www.linkedin.com/company/crowdstrike?mini=true&url=https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/&title=Unraveling+the+Spiderweb:+Timelining+ATT&CK+Artifacts+Used+by+GRIM+SPIDER" }, { "componentInfo" : { }, "id" : "image-en-us-08-19-2024", "fileReference" : "/content/dam/crowdstrike/www/en-us/wp/2021/07/CS_Free_Trial_blog_300x600_final.jpg", "thumbnailImagePath" : "/content/dam/crowdstrike/www/en-us/wp/2021/07/CS_Free_Trial_blog_300x600_final.jpg/jcr:content/renditions/cq5dam.thumbnail.319.319.png", "url" : "https://www.crowdstrike.com/products/trials/try-falcon-prevent/" }, { "componentInfo" : { }, "id" : "featurearticlessidebar-en-us-08-19-2024", "featuredList" : [ { "pageTitle" : "International Authorities Indict, Sanction Additional INDRIK SPIDER Members and Detail Ties to BITWISE SPIDER and Russian State Activity", "pagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/authorities-indict-indrik-spider-members-detail-ties-bitwise-spider-russian-state.html", "thumbnailPath" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/0924_05_Indrik-Spider-Indictment", "publishDate" : "October 01, 2024", "description" : "CrowdStrike often collaborates with law enforcement agencies to identify, track 
and stop cyber threats. We recently worked with law enforcement stakeholders within the U.K.’s National Crime Agency as […]", "pageAuthor" : "Counter Adversary Operations", "pageAuthorLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/author.counter-adversary-operations.html", "pageCategory" : "Counter Adversary Operations", "pageCategoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.counter-adversary-operations.html", "pageHeadlineTitle" : null, "ctaLabel" : "Counter Adversary Operations", "viewNeeded" : true }, { "pageTitle" : "CrowdStrike Named a Leader in 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms", "pagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/crowdstrike-named-leader-2024-gartner-magic-quadrant-endpoint-protection.html", "thumbnailPath" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/1060x698-Blog_2024-Gartner-MQ-for-EPP-headline-1-resize", "publishDate" : "September 25, 2024", "description" : "CrowdStrike is proud to be named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. 
We believe this recognition clearly demonstrates the power of the CrowdStrike Falcon® […]", "pageAuthor" : "Sunil Frida", "pageAuthorLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/author.sunil-frida.html", "pageCategory" : "Endpoint Security & XDR", "pageCategoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.endpoint-protection.html", "pageHeadlineTitle" : "CrowdStrike Named a Leader in 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms", "ctaLabel" : "Endpoint Security & XDR", "viewNeeded" : true }, { "pageTitle" : "Recognizing the Resilience of the CrowdStrike Community", "pagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/george-kurtz-resilient-by-design-fal-con-2024.html", "thumbnailPath" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/0924_04_Post-Fal.Con_Resilient-by-Design_03B", "publishDate" : "September 25, 2024", "description" : "Our annual Fal.Con user conference is always one of the highlights of my year because it’s a chance to spend time with some of my favorite people: our customers and partners. 
This year’s event has spe[…]", "pageAuthor" : "George Kurtz", "pageAuthorLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/author.george-kurtz.html", "pageCategory" : "Executive Viewpoint", "pageCategoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.executive-viewpoint.html", "pageHeadlineTitle" : "Recognizing the Resilience of the CrowdStrike Community", "ctaLabel" : "Executive Viewpoint", "viewNeeded" : true }, { "pageTitle" : "CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection", "pagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/driving-cybersecurity-forward-new-innovations-fal-con-2024.html", "thumbnailPath" : "https://assets.crowdstrike.com/is/image/crowdstrikeinc/0824_02_Fal.Con-Preview_MS-1024x674", "publishDate" : "September 18, 2024", "description" : "Today’s threat landscape is defined by adversaries’ increasing speed and quickly evolving tactics. Now more than ever, it is imperative organizations unify and accelerate their security operations to […]", "pageAuthor" : "Michael Sentonas", "pageAuthorLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/author.michael-sentonas.html", "pageCategory" : "Executive Viewpoint", "pageCategoryLink" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/category.executive-viewpoint.html", "pageHeadlineTitle" : "CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection", "ctaLabel" : "Executive Viewpoint", "viewNeeded" : true } ] }, { "children" : [ { "externalLink" : "false", "id" : "teaser-en-us-subscribe-08-19-2024", "text" : "Sign Up", "url" : "modal:subscribe" } ], "componentInfo" : { }, "id" : "teaser-en-us-subscribe-08-19-2024" }, { "children" : [ { "externalLink" : "false", "id" : "teaser-en-us-see-crowdstrike-falcon®-i-10-01-2024", "text" : "See Demo", "url" : "https://www.crowdstrike.com/products/demos/" } ], 
"componentInfo" : { }, "id" : "teaser-en-us-see-crowdstrike-falcon®-i-10-01-2024" }, { "nextPagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/5-tips-for-building-cooperation-between-it-cybersecurity-and-operational-technology-teams.html", "previousPagePath" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/make-ugly-babies-cute-again-an-ma-crisis-aversion-story.html", "previousPageTitle" : "Make Ugly Babies Cute Again: An M&A Crisis Aversion Story", "nextPageTitle" : "5 Tips for a Happy Marriage Between IT Cybersecurity and Operational Technology Teams", "componentInfo" : { }, "id" : "previousnext-en-us-05-08-2024" }, { "componentInfo" : { }, "id" : "logo-en-us-05-16-2024" }, { "facebookUrl" : "https://www.facebook.com/CrowdStrike/", "linkedInUrl" : "https://www.linkedin.com/company/crowdstrike", "youtubeUrl" : "http://www.youtube.com/user/CrowdStrike", "twitterUrl" : "https://twitter.com/CrowdStrike", "componentInfo" : { } }, { "children" : [ { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : "Copyright © 2024 CrowdStrike" }, { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : "Privacy", "url" : "https://www.crowdstrike.com/privacy-notice/" }, { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : "Request Info", "url" : "https://www.crowdstrike.com/services/request-information/" }, { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : "Blog", "url" : "https://www.crowdstrike.com/blog/" }, { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : "Contact Us", "url" : "https://www.crowdstrike.com/contact-us/" }, { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : " 1.888.512.8906" }, { "externalLink" : "\"false\"", "id" : "list-en-us-05-16-2024", "text" : "Accessibility", "url" : "https://www.crowdstrike.com/blog/#" } ], "componentInfo" : { } } ], "version " : "1.0", "page" : { "pageInfo" : { "pageType" : "blog child", "publisher" 
: "crowdstrike.com", "language" : "en_US", "destinationURL" : "https://www.crowdstrike.com/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics/", "sysEnv" : "prod", "issueDate" : "2024-09-25T10:37:56Z00", "pageID" : "/content/crowdstrike-www/locale-sites/us/en-us/blog/timelining-grim-spiders-big-game-hunting-tactics", "pageName" : "Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER", "breadcrumbs" : [ "CrowdStrike.com", "Locale Sites", "United States", "CrowdStrike: Definitive AI-native cybersecurity platform", "Blog", "Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER" ], "effectiveDate" : "2024-09-25T10:37:56Z00" }, "attributes" : { "template" : "crowdstrike-blog-detail-page", "tags" : [ ] }, "category" : { "primaryCategory" : "blog child" } }, "event" : [ { "eventName" : "Page Load", "eventAction" : "pageLoad" } ] } } </script> </div> </body> </html>
