Mustard Tempest

Also known as: DEV-0206 · Purple Vallhund · Mustard Tempest

Profile

Mustard Tempest is a threat actor that primarily uses malvertising to gain access to and profile networks. The group deploys FakeUpdates, disguised as browser updates or software packages, to lure targets into downloading a ZIP file containing a JavaScript file. Once executed, the JavaScript framework acts as a loader for other malware campaigns, often Cobalt Strike payloads. Mustard Tempest has been associated with the cybercrime syndicate Mustard Tempest, also known as EvilCorp, and has been involved in ransomware attacks using payloads such as WastedLocker, PhoenixLocker, and Macaw.

Aliases · 3

DEV-0206 · Purple Vallhund · Mustard Tempest

References

  1. https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
  2. http://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Velvet Tempest (Actor)
  2. Phlox Tempest (Actor)
  3. MUSTANG PANDA (Actor)
  4. Storm-0381 (Actor)
  5. Vanilla Tempest (Actor)
  6. Lilac Typhoon (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.