TA577

Also known as: Hive0118, TA577

TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first observed groups distributing Latrodectus in 2023. Latrodectus APR 2024

🌍 Country Russia

🧭 ATT&CK G1037

Introduction

TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first observed groups distributing Latrodectus in 2023. Latrodectus APR 2024

Activities and Tactics

Country of Origin: 🇷🇺 Russia

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

Smoke Loader
CyberGate
Cyber Eye RAT
GraphicBooting
Cobalt Strike
CrossRat

MITRE ATT&CK Software

Attribution and Evidence

Country of Origin: Russia Additional attribution information pending cataloguing.

References

[1] mitre-attack [2] Latrodectus APR 2024 Proofpoint Threat Research and Team Cymru S2 Threat Research. (2024, April 4). Latrodectus: This Spider Bytes Like Ice . Retrieved May 31, 2024.

Source Attribution

Structured source: MISP Galaxy

View ATT&CK group profile

View upstream source record

License: CC BY-NC-SA 3.0

Additional source provenance

malpedia Source record Dataset
misp galaxy Dataset
mitre Dataset

Source and license policy

🔍 Quick Filters

Top Countries

Risk Distribution

High

161

Critical

Low

Medium