TA578
Overview
TA578 is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including Latrodectus, IcedID, and Bumblebee.
Capabilities
- Custom malware/implant development — ATT&CK: 3 attributed custom malware families
TTPs — 4 techniques across 3 tactics
Reconnaissance
Resource Development
- T1583.006 Web Services
Execution
- T1059.007 JavaScript
- T1204.001 Malicious Link
Tools & malware (3)
Bumblebee · Latrodectus · IcedID
Reporting (2)
- Latrodectus, are you coming back? — Batista, J
- Latrodectus: This Spider Bytes Like Ice — Proofpoint Threat Research and Team Cymru S2 Threat Research