
TA577

TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first observed groups distributing Latrodectus in 2023. (Citation: Latrodectus APR 2024)
ID: G1037
Associated Groups: 
Version: 1.0
Created: 17 Sep 2024
Last Modified: 17 Sep 2024

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

TA577 has used BAT files in malware execution chains. (Citation: Latrodectus APR 2024)

Enterprise T1059 .007 Command and Scripting Interpreter: JavaScript

TA577 has used JavaScript to execute additional malicious payloads. (Citation: Latrodectus APR 2024)

Enterprise T1586 .002 Compromise Accounts: Email Accounts

TA577 has sent thread-hijacked messages from compromised email accounts. (Citation: Latrodectus APR 2024)

Enterprise T1027 .009 Obfuscated Files or Information: Embedded Payloads

TA577 has used LNK files to execute embedded DLLs. (Citation: Latrodectus APR 2024)

Enterprise T1566 .002 Phishing: Spearphishing Link

TA577 has sent emails containing links to malicious JavaScript files. (Citation: Latrodectus APR 2024)

Enterprise T1204 .001 User Execution: Malicious Link

TA577 has lured users into executing malicious JavaScript files by sending malicious links via email. (Citation: Latrodectus APR 2024)

Software

ID Name References Techniques
S1145 Pikabot (Citation: Elastic Pikabot 2024) (Citation: Latrodectus APR 2024) (Citation: Logpoint Pikabot 2024) (Citation: Zscaler Pikabot 2023) Fileless Storage, Standard Encoding, Embedded Payloads, Symmetric Cryptography, Local Account, System Checks, System Information Discovery, Native API, Deobfuscate/Decode Files or Information, Thread Execution Hijacking, Reflective Code Loading, System Network Configuration Discovery, Domain Trust Discovery, Portable Executable Injection, Exfiltration Over C2 Channel, Registry Run Keys / Startup Folder, Non-Standard Port, Steganography, Windows Command Shell, Debugger Evasion, Environmental Keying
S1160 Latrodectus (Citation: Bitsight Latrodectus June 2024) (Citation: Bleeping Computer Latrodectus April 2024) (Citation: IceNova) (Citation: Latrodectus APR 2024) (Citation: Unidentified 111) Scheduled Task, VNC, Windows Management Instrumentation, System Owner/User Discovery, Rundll32, Standard Encoding, Encrypted/Encoded File, JavaScript, Match Legitimate Resource Name or Location, Domain Account, Malicious File, Symmetric Cryptography, System Checks, Domain Groups, Spearphishing Link, Spearphishing Attachment, Component Object Model, Network Share Discovery, System Information Discovery, Msiexec, Native API, Data from Local System, Deobfuscate/Decode Files or Information, Binary Padding, System Network Configuration Discovery, Domain Trust Discovery, File and Directory Discovery, Web Service, Multi-Stage Channels, Process Discovery, Exfiltration Over C2 Channel, Registry Run Keys / Startup Folder, Security Software Discovery, Windows Command Shell, File Deletion, Software Packing, Web Protocols, Debugger Evasion, Ingress Tool Transfer, Dynamic API Resolution, Malicious Link, NTFS File Attributes, System Shutdown/Reboot
S0650 QakBot (Citation: ATT QakBot April 2021) (Citation: Kaspersky QakBot September 2021) (Citation: Latrodectus APR 2024) (Citation: Pinkslipbot) (Citation: QBot) (Citation: QuackBot) (Citation: Red Canary Qbot) (Citation: Trend Micro Qakbot December 2020) Scheduled Task, Windows Management Instrumentation, Fileless Storage, System Owner/User Discovery, Rundll32, Standard Encoding, Keylogging, JavaScript, Steal Web Session Cookie, Domain Generation Algorithms, Internet Connection Discovery, Local Data Staging, Local Email Collection, Masquerade File Type, Malicious File, Symmetric Cryptography, Windows Service, System Checks, Spearphishing Link, Spearphishing Attachment, DLL, Code Signing, Network Share Discovery, Peripheral Device Discovery, System Information Discovery, Msiexec, Native API, Replication Through Removable Media, Data from Local System, Deobfuscate/Decode Files or Information, Process Injection, Application Window Discovery, Time Based Evasion, Protocol Tunneling, Browser Session Hijacking, Modify Registry, Credentials from Web Browsers, Binary Padding, External Proxy, System Network Configuration Discovery, Domain Trust Discovery, File and Directory Discovery, System Network Connections Discovery, Mark-of-the-Web Bypass, Process Discovery, Exfiltration Over C2 Channel, PowerShell, Exploitation of Remote Services, Registry Run Keys / Startup Folder, Local Groups, Brute Force, Disable or Modify Tools, Indicator Removal from Tools, Process Hollowing, Obfuscated Files or Information, Regsvr32, Non-Application Layer Protocol, Security Software Discovery, Windows Command Shell, HTML Smuggling, Command Obfuscation, File Deletion, Software Packing, Web Protocols, Visual Basic, Remote System Discovery, Software Discovery, Ingress Tool Transfer, Hidden Files and Directories, Malicious Link, System Time Discovery
