← threatfilter.dev / all groups / TA577
TA577
Overview
TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first observed groups distributing Latrodectus in 2023.
Capabilities
- Custom malware/implant development — ATT&CK: 3 attributed custom malware families
TTPs — 6 techniques across 4 tactics
Resource Development
-
T1586.002Email Accounts
Initial Access
-
T1566.002Spearphishing Link
Execution
-
T1059.003Windows Command Shell -
T1059.007JavaScript -
T1204.001Malicious Link
Stealth
-
T1027.009Embedded Payloads
Tools & malware (3)
Pikabot · QakBot · Latrodectus
Reporting (1)
- Latrodectus: This Spider Bytes Like Ice — Proofpoint Threat Research and Team Cymru S2 Threat Research