[threat-actors] Add TA577

This commit is contained in:
Mathieu Beligon 2023-02-13 13:32:24 -08:00
parent e836a4a63c
commit 20c31a5d10

View file

@ -10038,10 +10038,15 @@
{ {
"description": "One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.", "description": "One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.",
"meta": { "meta": {
"country": "RU",
"references": [ "references": [
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware", "https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
"https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/", "https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/",
"https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728" "https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728",
"https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/"
],
"synonyms": [
"DEV-0450"
] ]
}, },
"related": [ "related": [
@ -10068,8 +10073,9 @@
"references": [ "references": [
"https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware", "https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware",
"https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware", "https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware",
"https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/" "https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/",
], "https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware"
]
}, },
"related": [ "related": [
{ {
@ -10116,6 +10122,73 @@
} }
], ],
"value": "TA575" "value": "TA575"
},
{
"description": "TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020. This actor conducts broad targeting across various industries and geographies, and Proofpoint has observed TA577 deliver payloads including Qbot, IcedID, SystemBC, SmokeLoader, Ursnif, and Cobalt Strike.",
"meta": {
"country": "RU",
"references": [
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
"https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html",
"https://www.itpro.com/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network",
"https://exchange.xforce.ibmcloud.com/threat-group/guid:1dda890fa2662ed26b451c703e922315"
],
"synonyms": [
"Hive0118"
]
},
"related": [
{
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "26f5afaf-0bd7-4741-91ab-917bdd837330",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "cd0ad49d-7f79-45e0-91ba-c5eecdabe3aa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "ba91d713-c36e-4d98-9fb7-e16496a69eec",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "4f3ad937-bf2f-40cb-9695-a2bedfd41bfa",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
}
],
"value": "TA577"
} }
], ],
"version": 258 "version": 258