TA577 is an initial access broker (IAB) that has distributed QakBot and Pikabot, and was among the first observed groups distributing Latrodectus in 2023.[1]
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | |
Enterprise | T1059.007 | Command and Scripting Interpreter: JavaScript | TA577 has used JavaScript to execute additional malicious payloads.[1] |
Enterprise | T1586.002 | Compromise Accounts: Email Accounts | TA577 has sent thread hijacked messages from compromised emails.[1] |
Enterprise | T1027.009 | Obfuscated Files or Information: Embedded Payloads | |
Enterprise | T1566.002 | Phishing: Spearphishing Link | TA577 has sent emails containing links to malicious JavaScript files.[1] |
Enterprise | T1204.001 | User Execution: Malicious Link | TA577 has lured users into executing malicious JavaScript files by sending malicious links via email.[1] |