TA575

Also known as: TA575

Known aliases: 1

Profile

TA575 is a Dridex affiliate tracked by Proofpoint since late 2020. This group distributes malware such as Dridex, Qakbot, and WastedLocker via malicious URLs, Office attachments, and password-protected files. On average, TA575 distributes almost 4,000 messages per campaign impacting hundreds of organizations.

Aliases: 1

TA575

Compliance frameworks testing this (incoming): 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | ai_act-art9 | 100% | live |
| ComplianceControl | tiber_eu-testing | 100% | live |
| ComplianceControl | tiber_eu-generic | 100% | live |

References

  1. https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware
  2. https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware
  3. https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/
  4. https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware

Related by meaning: 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. TA571 (Actor)
  2. TA505 (Actor)
  3. TA570 (Actor)
  4. TA578 (Actor)
  5. TA577 (Actor)
  6. TA579 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.