Full Report
2025-07-03 • Rapid7 • win.mimikatz, win.poortry
Analysis Summary
The provided article description is extremely minimal: it names the source and lists two malware families that appear in a broader inventory, but offers no substantive threat intelligence about the actor itself.
Based *only* on the provided context snippet (which names the actor and mentions two associated malware families observed in an inventory), here is the structured summary:
# Threat Actor: Scattered Spider
## Attribution & Identity
Attribution information is not detailed in the provided context snippet, other than identifying the actor as **Scattered Spider**. The analysis originates from **Rapid7**.
## Activity Summary
No specific historical activities or recent campaigns are described in the provided context snippet.
## Tactics, Techniques & Procedures
The context mentions the following tools/malware associated with an inventory that includes Scattered Spider:
- `win.mimikatz`
- `win.poortry`
(No specific MITRE ATT&CK IDs are provided in the snippet.)
## Targeting
- Sectors: Information not available in the provided snippet.
- Geography: Information not available in the provided snippet.
- Victims: Information not available in the provided snippet.
## Tools & Infrastructure
- Malware families used: `win.mimikatz`, `win.poortry`
- Infrastructure (C2, domains, IPs): Information not available in the provided snippet.
## Implications
The direct implication based on this context is that Scattered Spider activity is associated with the use of commodity tools like Mimikatz for credential access. Strategic implications require the full Rapid7 report.
## Mitigations
No specific mitigation recommendations are detailed in the provided snippet.