Threat Actor Characterization
TA505
ID: 3096a101f68888b9770d28d37bdf765648253
Cybercrime
Ransomware Affiliate
Threat types: Ransomware, Data Leak, Intrusion
Progress: 44%
Completeness: 33%
Freshness: 70%
Operation zone: —
Aliases
Limited alias preview
FIN11
MITRE ATT&CK®
confidence: medium
TA505 is a cyber criminal group that has been active since at least 2014. TA505 is known for frequently changing malware, driving global trends in criminal malware distribution, and ransomware campaigns involving Clop. Ref: https://attack.mitre.org/groups/G0092/
| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1027.002 | Software Packing | TA0005 | |
| T1027.010 | Command Obfuscation | TA0005 | |
| T1027.013 | Encrypted/Encoded File | TA0005 | |
| T1055.001 | Dynamic-link Library Injection | TA0004 TA0005 | |
| T1059.001 | PowerShell | TA0002 | |
| T1059.003 | Windows Command Shell | TA0002 | |
| T1059.005 | Visual Basic | TA0002 | |
| T1059.007 | JavaScript | TA0002 | |
| T1071.001 | Web Protocols | TA0011 | |
| T1078.002 | Domain Accounts | TA0001 TA0003 TA0004 TA0005 | |
| T1087.003 | Email Account | TA0007 | |
| T1204.001 | Malicious Link | TA0002 | |
| T1204.002 | Malicious File | TA0002 | |
| T1218.007 | Msiexec | TA0005 | |
| T1218.011 | Rundll32 | TA0005 | |
| T1552.001 | Credentials In Files | TA0006 | |
| T1553.002 | Code Signing | TA0005 | |
| T1553.005 | Mark-of-the-Web Bypass | TA0005 | |
| T1555.003 | Credentials from Web Browsers | TA0006 | |
| T1559.002 | Dynamic Data Exchange | TA0002 | |
| T1562.001 | Disable or Modify Tools | TA0005 | |
| T1566.001 | Spearphishing Attachment | TA0001 | |
| T1566.002 | Spearphishing Link | TA0001 | |
| T1568.001 | Fast Flux DNS | TA0011 | |
| T1583.001 | Domains | TA0042 | |
| T1588.001 | Malware | TA0042 | |
| T1588.002 | Tool | TA0042 | |
| T1608.001 | Upload Malware | TA0042 | |