Introduction
Mustard Tempest is an initial access broker that has operated the SocGholish distribution network since at least 2017. Mustard Tempest has partnered with Indrik Spider to provide access for the download of additional malware including LockBit, WastedLocker, and remote access tools. [2][3][4][5]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- CyberGate
- Cyber Eye RAT
- Cobalt Strike
Attribution and Evidence
Information pending cataloguing.
References
[1] MITRE ATT&CK MITRE ATT&CK entry
[2] Microsoft Ransomware as a Service
[3] Microsoft Threat Actor Naming July 2023
[4] Secureworks Gold Prelude Profile
[5] SocGholish-update