ShinySp1d3r is described as a ransomware service associated with the Scattered Lapsus$ Hunters (SLSH) ecosystem. The content states that SLSH combines elements of Scattered Spider, LAPSUS$, and ShinyHunters, and specifically describes ShinySp1d3r as a collaborative “supergroup” comprising elements of ShinyHunters, Scattered Spider, and LAPSUS$. It was reportedly announced by “Rey,” who was allegedly an admin for the Hellcat ransomware group, as SLSH’s own ransomware service. The available content does not provide high-confidence technical details on ShinySp1d3r’s malware, intrusion chain, or victimology beyond its association with SLSH and the constituent groups named above.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Referenced as a collaborative supergroup composed of elements from multiple named threat groups.
ShinySp1d3r is a ransomware service allegedly launched by SLSH, based on the Hellcat ransomware codebase. It is used in extortion and data theft operations.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.