← threatfilter.dev / all groups / Mustard Tempest

Mustard Tempest

Also known as: DEV-0206 · TA569 · GOLD PRELUDE · UNC1543

Overview

Mustard Tempest is an initial access broker that has operated the SocGholish distribution network since at least 2017. Mustard Tempest has partnered with Indrik Spider to provide access for the download of additional malware including LockBit, WastedLocker, and remote access tools.

TTPs — 12 techniques across 6 tactics

Resource Development

T1583.004 Server
T1583.008 Malvertising
T1584.001 Domains
T1608.001 Upload Malware
T1608.004 Drive-by Target
T1608.006 SEO Poisoning

Tools & malware (2)

SocGholish · Cobalt Strike

Reporting (3)

How Microsoft names threat actors — Microsoft
SocGholish, a very real threat from a very fake update — Andrew Northern
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself — Microsoft

Overview

TTPs — 12 techniques across 6 tactics

Resource Development

Initial Access

Execution

Stealth

Discovery

Command and Control

Tools & malware (2)

Reporting (3)