
TA578

TA578 is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including Latrodectus, IcedID, and Bumblebee.(Citation: Latrodectus APR 2024)(Citation: Bitsight Latrodectus June 2024)
ID: G1038
Associated Groups: 
Created: 17 Sep 2024
Last Modified: 17 Sep 2024

Associated Group Descriptions

Name Description

Techniques Used

Domain | ID | Name | Use
Enterprise | T1583.006 | Acquire Infrastructure: Web Services | TA578 has used Google Firebase to host malicious scripts.(Citation: Latrodectus APR 2024)
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | TA578 has used JavaScript files in malware execution chains.(Citation: Latrodectus APR 2024)
Enterprise | T1204.001 | User Execution: Malicious Link | TA578 has placed malicious links in contact forms on victim sites, often spoofing a copyright complaint, to redirect users to malicious file downloads.(Citation: Latrodectus APR 2024)

Software

ID | Name | References | Techniques
S1039 | Bumblebee | (Citation: Google EXOTIC LILY March 2022) (Citation: Latrodectus APR 2024) (Citation: Proofpoint Bumblebee April 2022) (Citation: Symantec Bumblebee June 2022) | System Information Discovery, System Owner/User Discovery, Windows Management Instrumentation, Exfiltration Over C2 Channel, Windows Command Shell, System Checks, Deobfuscate/Decode Files or Information, Dynamic-link Library Injection, Archive Collected Data, Time Based Evasion, Odbcconf, Data from Local System, Security Software Discovery, Asynchronous Procedure Call, Visual Basic, Web Service, Virtualization/Sandbox Evasion, Ingress Tool Transfer, Fallback Channels, Spearphishing Link, Standard Encoding, Rundll32, Match Legitimate Name or Location, Process Injection, Native API, Obfuscated Files or Information, Shared Modules, Query Registry, Symmetric Cryptography, Bypass User Account Control, Process Discovery, Malicious Link, Spearphishing Attachment, Scheduled Task, Malicious File, PowerShell, Component Object Model, Debugger Evasion, File Deletion
S0483 | IcedID | (Citation: IBM IcedID November 2017) (Citation: Juniper IcedID June 2020) (Citation: Latrodectus APR 2024) | Virtualization/Sandbox Evasion, Process Hollowing, System Language Discovery, Domain Trust Discovery, Msiexec, Drive-by Compromise, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol, Permission Groups Discovery, Scheduled Task, Rundll32, Match Legitimate Name or Location, Malicious File, Security Software Discovery, Embedded Payloads, Encrypted/Encoded File, Native API, Steganography, Domain Account, Windows Management Instrumentation, Visual Basic, Asynchronous Procedure Call, Ingress Tool Transfer, System Network Configuration Discovery, Spearphishing Attachment, Web Protocols, Network Share Discovery, Browser Session Hijacking, Registry Run Keys / Startup Folder, Software Packing, System Information Discovery, Asymmetric Cryptography
S1160 | Latrodectus | (Citation: Bitsight Latrodectus June 2024) (Citation: Bleeping Computer Latrodectus April 2024) (Citation: IceNova) (Citation: Latrodectus APR 2024) (Citation: Unidentified 111) | Web Service, Rundll32, Standard Encoding, Windows Command Shell, System Network Configuration Discovery, Msiexec, Network Share Discovery, Process Discovery, System Owner/User Discovery, Scheduled Task, Malicious Link, Dynamic API Resolution, Data from Local System, Spearphishing Attachment, Deobfuscate/Decode Files or Information, File Deletion, File and Directory Discovery, Component Object Model, Software Packing, JavaScript, Ingress Tool Transfer, Web Protocols, Exfiltration Over C2 Channel, Match Legitimate Name or Location, Native API, Malicious File, Multi-Stage Channels, Domain Trust Discovery, Binary Padding, System Shutdown/Reboot, System Information Discovery, Security Software Discovery, Symmetric Cryptography, NTFS File Attributes, Domain Groups, Encrypted/Encoded File, Registry Run Keys / Startup Folder, System Checks, Spearphishing Link, Windows Management Instrumentation, Debugger Evasion, Domain Account, VNC
