[threat-actors] Add TA570

clusters/threat-actor.json

@@ -10034,6 +10034,33 @@
         }
       ],
       "value": "Moskalvzapoe"
+    },
+    {
+      "description": "One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018.",
+      "meta": {
+        "references": [
+          "https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware",
+          "https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/",
+          "https://isc.sans.edu/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "2ccaccd0-8362-4224-8497-2012e7cc7549",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "edc5e045-5401-42bb-ad92-52b5b2ee0de9",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "value": "TA570"
     }
   ],
   "version": 258