TA800

Also known as: TA800

Profile

This attacker is an affiliate distributor of The Trick, also known as Trickbot, and BazaLoader. (For more on how affiliates work, see the description of TA573.) TA800 has targeted a wide range of industries in North America, infecting victims with banking Trojans and malware loaders (malware designed to download other malware onto a compromised device). Malicious emails have often included recipients’ names, titles and employers, along with phishing pages designed to look like the targeted company. Lures have included hard-to-resist subjects, such as those related to payment, meetings, termination, bonuses and complaints, in the subject line or body of the email.

Aliases· 1

TA800

Compliance frameworks testing this (incoming)· 4

Type               Target                  Confidence  Tier
ComplianceControl  pci_dss_v4-r1           100%        live
ComplianceControl  cra-art14               100%        live
ComplianceControl  tiber_eu-testing        100%        live
ComplianceControl  owasp_api_top10-api10   100%        live

References

  1. https://www.proofpoint.com/us/blog/threat-insight/q4-2020-threat-report-quarterly-analysis-cybersecurity-trends-tactics-and-themes

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: TA866
Actor: TA530
Actor: TA570
Actor: TA547
Actor: TA578
Actor: TA555

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.