mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
[threat-actors] Add TA577
parent
e836a4a63c
commit
20c31a5d10
1 changed files with 76 additions and 3 deletions
|
@ -10038,10 +10038,15 @@
|
||||||
{
|
{
|
||||||
"description": "One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.",
|
"description": "One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
"country": "RU",
|
||||||
"references": [
|
"references": [
|
||||||
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
|
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
|
||||||
"https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/",
|
"https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/",
|
||||||
"https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728"
|
"https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728",
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"DEV-0450"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -10068,8 +10073,9 @@
|
||||||
"references": [
|
"references": [
|
||||||
"https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware",
|
"https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware",
|
||||||
"https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware",
|
"https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware",
|
||||||
"https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/"
|
"https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/",
|
||||||
],
|
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
{
|
{
|
||||||
|
@ -10116,6 +10122,73 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"value": "TA575"
|
"value": "TA575"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020. This actor conducts broad targeting across various industries and geographies, and Proofpoint has observed TA577 deliver payloads including Qbot, IcedID, SystemBC, SmokeLoader, Ursnif, and Cobalt Strike.",
|
||||||
|
"meta": {
|
||||||
|
"country": "RU",
|
||||||
|
"references": [
|
||||||
|
"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
|
||||||
|
"https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html",
|
||||||
|
"https://www.itpro.com/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network",
|
||||||
|
"https://exchange.xforce.ibmcloud.com/threat-group/guid:1dda890fa2662ed26b451c703e922315"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Hive0118"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "26f5afaf-0bd7-4741-91ab-917bdd837330",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "cd0ad49d-7f79-45e0-91ba-c5eecdabe3aa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ba91d713-c36e-4d98-9fb7-e16496a69eec",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4f3ad937-bf2f-40cb-9695-a2bedfd41bfa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"value": "TA577"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 258
|
"version": 258
|
||||||
|
|
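Review bot: The new TA577 object carries only `description`, `meta`, `related` and `value`, with no `uuid`, so other clusters and event tags have no stable identifier to point at it even though it references seven clusters by `dest-uuid` itself. The TA575 context just above shows the same gap between `related` and `"value": "TA575"`, so tooling may fill it in later, but the entry would be safer shipping with `"uuid": "<freshly-generated-uuid4>",` ahead of `"value": "TA577"`. Separately, `"country": "RU"` is added to both TA570 and TA577 while neither description states an origin and no `"attribution-confidence"` accompanies it; consumers that filter or score on country will treat it as established, so either point to the reference that supports it or add a confidence value alongside. `"version": 258` appears only as unchanged context at the end of the file; if consuming MISP instances gate galaxy updates on that number, these additions would presumably not propagate until it is bumped.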