
TA577

TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first observed groups distributing Latrodectus in 2023.(Citation: Latrodectus APR 2024)
ID: G1037
Associated Groups: 
Created: 17 Sep 2024
Last Modified: 17 Sep 2024

Techniques Used

Domain ID Name Use

Enterprise T1059.003 Command and Scripting Interpreter: Windows Command Shell
TA577 has used BAT files in malware execution chains.(Citation: Latrodectus APR 2024)

Enterprise T1059.007 Command and Scripting Interpreter: JavaScript
TA577 has used JavaScript to execute additional malicious payloads.(Citation: Latrodectus APR 2024)

Enterprise T1586.002 Compromise Accounts: Email Accounts
TA577 has sent thread-hijacked messages from compromised email accounts.(Citation: Latrodectus APR 2024)

Enterprise T1027.009 Obfuscated Files or Information: Embedded Payloads
TA577 has used LNK files to execute embedded DLLs.(Citation: Latrodectus APR 2024)

Enterprise T1566.002 Phishing: Spearphishing Link
TA577 has sent emails containing links to malicious JavaScript files.(Citation: Latrodectus APR 2024)

Enterprise T1204.001 User Execution: Malicious Link
TA577 has lured users into executing malicious JavaScript files by sending malicious links via email.(Citation: Latrodectus APR 2024)
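The rows above describe one execution chain: a phished user runs a JavaScript file from a download location (T1059.007), the script drops and runs a BAT file through cmd.exe (T1059.003), and an LNK or shell stage ends with a DLL being loaded from a user-writable path (T1027.009). The hunting logic below stitches those stages together over process-creation telemetry. It is an added example, not code from MITRE ATT&CK, SECURITM or the cited report; the flattened Sysmon-style event schema (pid, ppid, image, parent_image, cmdline), the sample events, and the path and image heuristics are all constructed here for illustration and are not published TA577 indicators.

```python
"""Hunt the JS -> BAT -> DLL chain from the Techniques Used table.

Added example, not MITRE's or SECURITM's code. Event schema, sample telemetry
and heuristics are constructed assumptions, not published TA577 indicators.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}     # T1059.007 JavaScript
SHELLS = {"cmd.exe"}                              # T1059.003 BAT files
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}    # T1027.009 DLL from LNK chain

# Paths a phished user or a dropper can write to (assumption: tune per estate).
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:Downloads|AppData)|ProgramData|Windows\\Temp)\\", re.I
)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str         # basename of executed image, lower-case
    parent_image: str  # basename of parent image, lower-case
    cmdline: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(rec: dict) -> ProcEvent:
    return ProcEvent(int(rec["pid"]), int(rec["ppid"]), _basename(rec["image"]),
                     _basename(rec["parent_image"]), rec["cmdline"])


def _arg_in_user_dir(cmdline: str, exts: tuple[str, ...]) -> bool:
    """True if an argument is a file with one of `exts` under a user-writable path.
    Handles quoted paths with spaces and rundll32's "path.dll,EntryPoint" form."""
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', cmdline):
        tok = (quoted or bare).split(",")[0].lower()
        if tok.endswith(exts) and USER_WRITABLE.search(tok):
            return True
    return False


def classify(ev: ProcEvent) -> str | None:
    """Map one process-creation event to a stage of the chain, or None."""
    if ev.image in SCRIPT_HOSTS and _arg_in_user_dir(ev.cmdline, (".js", ".jse", ".wsf")):
        return "T1059.007 script host running JavaScript from a user-writable path"
    if ev.image in SHELLS and (ev.parent_image in SCRIPT_HOSTS
                               or _arg_in_user_dir(ev.cmdline, (".bat", ".cmd"))):
        return "T1059.003 cmd.exe running a BAT file or spawned by a script host"
    if ev.image in DLL_LOADERS and _arg_in_user_dir(ev.cmdline, (".dll",)):
        return "T1027.009 DLL loaded from a user-writable path"
    return None


def hunt(records: list[dict]) -> list[dict]:
    """Classify events, then walk the parent chain so a JS -> BAT -> DLL sequence
    yields one high-severity finding (reported on the last stage) instead of three.
    Correlation keys on pid; real telemetry should key on ProcessGuid (pid reuse)."""
    events = [parse_event(r) for r in records]
    by_pid = {e.pid: e for e in events}
    hits = {e.pid: label for e in events if (label := classify(e))}
    parents_of_hits = {by_pid[p].ppid for p in hits}
    findings = []
    for pid, label in hits.items():
        if pid in parents_of_hits:      # earlier stage, reported via its child
            continue
        chain = [label]
        cur = by_pid.get(by_pid[pid].ppid)
        while cur is not None:
            if cur.pid in hits:
                chain.insert(0, hits[cur.pid])
            cur = by_pid.get(cur.ppid)
        findings.append({"pid": pid, "chain": chain,
                         "severity": "high" if len(chain) >= 2 else "medium"})
    return sorted(findings, key=lambda f: f["pid"])


# Constructed sample telemetry: one full chain, one lone rundll32 launched from
# Explorer (what a double-clicked LNK looks like), and two benign look-alikes.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe", "cmdline": "explorer.exe"},
    {"pid": 5210, "ppid": 4100, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\Document_0917.js"'},
    {"pid": 5222, "ppid": 5210, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'cmd.exe /c "C:\Users\alice\AppData\Local\Temp\run.bat"'},
    {"pid": 5240, "ppid": 5222, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\upd.dll,Init"},
    {"pid": 6200, "ppid": 4100, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe C:\Users\bob\AppData\Roaming\x\loader.dll,#1"},
    {"pid": 6000, "ppid": 900, "image": r"C:\Windows\System32\cscript.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv"},
    {"pid": 6100, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'cmd.exe /c "C:\Program Files\Tool\build.bat"'},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["severity"], f["pid"], " -> ".join(f["chain"]))
```

On the constructed sample this reports two findings: a high-severity three-stage chain ending in pid 5240, and a medium-severity lone rundll32 load (pid 6200) that matches the LNK-to-embedded-DLL pattern without a visible script stage. The slmgr.vbs and Program Files BAT events are deliberately left unflagged; the user-writable path filter is what keeps the rule quiet on administrative scripting.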

Software

ID Name References Techniques

S1145 Pikabot
References: (Citation: Elastic Pikabot 2024), (Citation: Latrodectus APR 2024), (Citation: Logpoint Pikabot 2024), (Citation: Zscaler Pikabot 2023)
Techniques: System Network Configuration Discovery, Windows Command Shell, Domain Trust Discovery, Thread Execution Hijacking, Debugger Evasion, Non-Standard Port, Symmetric Cryptography, Exfiltration Over C2 Channel, Local Account, Native API, System Information Discovery, Fileless Storage, Steganography, Reflective Code Loading, Standard Encoding, Deobfuscate/Decode Files or Information, Embedded Payloads, Portable Executable Injection, Environmental Keying, Registry Run Keys / Startup Folder, System Checks

S1160 Latrodectus
References: (Citation: Bitsight Latrodectus June 2024), (Citation: Bleeping Computer Latrodectus April 2024), (Citation: IceNova), (Citation: Latrodectus APR 2024), (Citation: Unidentified 111)
Techniques: Web Service, Rundll32, Standard Encoding, Windows Command Shell, System Network Configuration Discovery, Msiexec, Network Share Discovery, Process Discovery, System Owner/User Discovery, Scheduled Task, Malicious Link, Dynamic API Resolution, Data from Local System, Spearphishing Attachment, Deobfuscate/Decode Files or Information, File Deletion, File and Directory Discovery, Component Object Model, Software Packing, JavaScript, Ingress Tool Transfer, Web Protocols, Exfiltration Over C2 Channel, Match Legitimate Name or Location, Native API, Malicious File, Multi-Stage Channels, Domain Trust Discovery, Binary Padding, System Shutdown/Reboot, System Information Discovery, Security Software Discovery, Symmetric Cryptography, NTFS File Attributes, Domain Groups, Encrypted/Encoded File, Registry Run Keys / Startup Folder, System Checks, Spearphishing Link, Windows Management Instrumentation, Debugger Evasion, Domain Account, VNC

S0650 QakBot
References: (Citation: ATT QakBot April 2021), (Citation: Kaspersky QakBot September 2021), (Citation: Latrodectus APR 2024), (Citation: Pinkslipbot), (Citation: QBot), (Citation: QuackBot), (Citation: Red Canary Qbot), (Citation: Trend Micro Qakbot December 2020)
Techniques: Regsvr32, Hidden Files and Directories, System Checks, Remote System Discovery, Data from Local System, External Proxy, PowerShell, Windows Command Shell, Security Software Discovery, Native API, Binary Padding, Windows Service, Domain Generation Algorithms, File and Directory Discovery, Registry Run Keys / Startup Folder, Fileless Storage, Masquerade File Type, Network Share Discovery, Process Hollowing, JavaScript, Msiexec, Deobfuscate/Decode Files or Information, Local Email Collection, Malicious Link, System Time Discovery, Malicious File, Exfiltration Over C2 Channel, System Owner/User Discovery, HTML Smuggling, Internet Connection Discovery, Symmetric Cryptography, Command Obfuscation, Web Protocols, Code Signing, Obfuscated Files or Information, Exploitation of Remote Services, Process Discovery, Local Groups, DLL Side-Loading, System Network Configuration Discovery, Steal Web Session Cookie, Process Injection, Domain Trust Discovery, Local Data Staging, Brute Force, Mark-of-the-Web Bypass, Browser Session Hijacking, Time Based Evasion, Ingress Tool Transfer, Peripheral Device Discovery, Non-Application Layer Protocol, Spearphishing Link, Indicator Removal from Tools, Modify Registry, Spearphishing Attachment, Keylogging, Replication Through Removable Media, Standard Encoding, Visual Basic, System Information Discovery, Windows Management Instrumentation, Application Window Discovery, Software Discovery, System Network Connections Discovery, Scheduled Task, Rundll32, Protocol Tunneling, Credentials from Web Browsers, Software Packing, Disable or Modify Tools, File Deletion
