TA578

TA578 is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including Latrodectus, IcedID, and Bumblebee.(Citation: Latrodectus APR 2024)(Citation: Bitsight Latrodectus June 2024)
ID: G1038
Associated Groups: 
Version: 1.0
Created: 17 Sep 2024
Last Modified: 17 Sep 2024

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1583 .006 Acquire Infrastructure: Web Services

TA578 has used Google Firebase to host malicious scripts.(Citation: Latrodectus APR 2024)

Enterprise T1059 .007 Command and Scripting Interpreter: JavaScript

TA578 has used JavaScript files in malware execution chains.(Citation: Latrodectus APR 2024)

Enterprise T1204 .001 User Execution: Malicious Link

TA578 has placed malicious links in contact forms on victim sites, often spoofing a copyright complaint, to redirect users to malicious file downloads.(Citation: Latrodectus APR 2024)

Software

ID Name References Techniques
S1039 Bumblebee (Citation: Google EXOTIC LILY March 2022) (Citation: Latrodectus APR 2024) (Citation: Proofpoint Bumblebee April 2022) (Citation: Symantec Bumblebee June 2022) Scheduled Task, Windows Management Instrumentation, System Owner/User Discovery, Rundll32, Standard Encoding, Shared Modules, Bypass User Account Control, Match Legitimate Resource Name or Location, Malicious File, Symmetric Cryptography, System Checks, Spearphishing Link, Spearphishing Attachment, Component Object Model, System Information Discovery, Native API, Data from Local System, Deobfuscate/Decode Files or Information, Process Injection, Time Based Evasion, Archive Collected Data, Odbcconf, Asynchronous Procedure Call, Virtualization/Sandbox Evasion, Web Service, Process Discovery, Exfiltration Over C2 Channel, PowerShell, Obfuscated Files or Information, Query Registry, Security Software Discovery, Windows Command Shell, File Deletion, Visual Basic, Debugger Evasion, Ingress Tool Transfer, Malicious Link, Fallback Channels, Dynamic-link Library Injection
S0483 IcedID (Citation: IBM IcedID November 2017) (Citation: Juniper IcedID June 2020) (Citation: Latrodectus APR 2024) Scheduled Task, Windows Management Instrumentation, Rundll32, Embedded Payloads, Encrypted/Encoded File, Permission Groups Discovery, Match Legitimate Resource Name or Location, Domain Account, Malicious File, Spearphishing Attachment, Network Share Discovery, System Information Discovery, Msiexec, Native API, Browser Session Hijacking, System Network Configuration Discovery, Domain Trust Discovery, Asynchronous Procedure Call, Virtualization/Sandbox Evasion, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol, Registry Run Keys / Startup Folder, Process Hollowing, Asymmetric Cryptography, System Language Discovery, Steganography, Security Software Discovery, Drive-by Compromise, Software Packing, Web Protocols, Visual Basic, Ingress Tool Transfer
S1160 Latrodectus (Citation: Bitsight Latrodectus June 2024) (Citation: Bleeping Computer Latrodectus April 2024) (Citation: IceNova) (Citation: Latrodectus APR 2024) (Citation: Unidentified 111) Scheduled Task, VNC, Windows Management Instrumentation, System Owner/User Discovery, Rundll32, Standard Encoding, Encrypted/Encoded File, JavaScript, Match Legitimate Resource Name or Location, Domain Account, Malicious File, Symmetric Cryptography, System Checks, Domain Groups, Spearphishing Link, Spearphishing Attachment, Component Object Model, Network Share Discovery, System Information Discovery, Msiexec, Native API, Data from Local System, Deobfuscate/Decode Files or Information, Binary Padding, System Network Configuration Discovery, Domain Trust Discovery, File and Directory Discovery, Web Service, Multi-Stage Channels, Process Discovery, Exfiltration Over C2 Channel, Registry Run Keys / Startup Folder, Security Software Discovery, Windows Command Shell, File Deletion, Software Packing, Web Protocols, Debugger Evasion, Ingress Tool Transfer, Dynamic API Resolution, Malicious Link, NTFS File Attributes, System Shutdown/Reboot