Inside Intelligence Center: LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus
ID: c75fcaa6-d107-5ae3-99dd-2d50ccdd898c
STIX ID: report--c75fcaa6-d107-5ae3-99dd-2d50ccdd898c
Feed Name: EclecticIQ
EclecticIQ analysts observed a LUNAR SPIDER malvertising campaign that used SEO poisoning and an obfuscated Latrodectus JavaScript downloader to fetch MSI installers which deploy Brute Ratel C4; the report documents infrastructure overlaps with IcedID, links to ALPHV/BlackCat ransomware activity, maps TTPs to MITRE ATT&CK, and provides YARA rules and IOCs for detection and blocking.
