Pulse: Breaking Down TA505 Group's Use of HTML and RATs
TLP: WHITE | Tag: TA505 | Author: AlienVault | Created: 2019-06-12 | Modified: 2019-06-12
222 IOCs (high-volume pulse)
TA505 is a prolific cybercriminal group known for its attacks against multiple financial institutions and retail companies, carried out through malicious spam campaigns and a range of malware. We have been following TA505 closely and have detected various related activities over the past two months. In the group's latest campaign, they started using HTML attachments to deliver malicious .XLS files that lead to a downloader and the FlawedAmmyy backdoor, mostly targeting users in South Korea.
Indicators of Compromise (72 / 222 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
URL http://slemend.com/cykom2 2019-06-12
URL http://169.239.128.168/dynhost 2019-06-12
URL http://billyjimmyer.top/xsmkld/index.php 2019-06-12
URL http://172.104.104.166/m2 2019-06-12
URL http://66.42.45.55/02.dat 2019-06-12
URL http://169.239.129.103:8080 2019-06-12
URL http://172.104.104.166/m1 2019-06-12
URL http://45.76.223.177/02.dat 2019-06-12
URL http://statesdr.top/q4 2019-06-12
URL http://traveser.net/tmp 2019-06-12
URL http://vairina.top/20190706_089785.xls 2019-06-12
URL http://158.255.208.175/da2.dat 2019-06-12
URL http://waiireme.com/20190706_077345.xls 2019-06-12
URL http://163.172.84.54/filename.php 2019-06-12
URL http://zonaykan.com/lsadat3 2019-06-12
URL http://103.73.66.137/01.dat 2019-06-12
URL http://169.239.128.169/dynhost 2019-06-12
URL http://fjiisiis33.icu/jquery/jquery.php 2019-06-12
URL http://furhatsth.net/q1 2019-06-12
URL http://195.123.227.20/dashost 2019-06-12
URL http://66.42.45.55/m3 2019-06-12
URL http://govhotel.us/p.exe 2019-06-12
URL http://profan.es/dashost 2019-06-12
URL http://homeone.co.kr/eTaxInvoice_47654385 2019-06-12
URL http://ianhennessee.com/eTaxInvoice_776347 2019-06-12
URL http://94.156.133.183:8080 2019-06-12
URL http://furhatsth.net/q2 2019-06-12
URL http://statesdr.top/q3 2019-06-12
URL http://topdalescotty.top/xsmkld/index.php 2019-06-12
URL http://angelmariotti.xyz/xsmkld/index.php 2019-06-12
URL http://zonaykan.com/lsadat1 2019-06-12
URL http://167.179.119.235/02.dat 2019-06-12
URL http://vairina.top/20190706_125803.xls 2019-06-12
URL http://172.104.104.166/01.dat 2019-06-12
URL http://www.kerrison.com/dashost 2019-06-12
URL http://109.234.38.177/dom4 2019-06-12
URL http://66.42.45.55/m4 2019-06-12
URL http://45.76.206.149/01.dat 2019-06-12
URL http://92.38.135.88/da.dat 2019-06-12
URL http://velquene.net/mshost1 2019-06-12
URL http://159.69.48.50:5655 2019-06-12
URL http://slemend.com/cykom1 2019-06-12
URL http://houusha33.icu/jquery/jquery.php 2019-06-12
URL http://kupitorta.net/lsadat2 2019-06-12
URL http://kupitorta.net/lsadat3 2019-06-12
URL http://citroenmehari.dk/20190706_066381.xls 2019-06-12
URL http://vairina.top/t2 2019-06-12
URL http://vairina.top/t1 2019-06-12
URL http://gohaiendo.com/ppk/index.php 2019-06-12
URL http://globe-trotterltd.com/dashost 2019-06-12
URL http://92.38.135.134/dom2 2019-06-12
URL http://waiireme.com/t4 2019-06-12
URL http://dannysannyer.top/xsmkld/index.php 2019-06-12
URL http://kabatas.ch/~erhan/eTaxInvoice_467523[ 2019-06-12
URL http://tommyhalfigero.top/xsmkld/index.php 2019-06-12
URL http://45.77.16.211/01.dat 2019-06-12
URL http://27.102.118.143/dom1 2019-06-12
URL http://velquene.net/mshost2 2019-06-12
URL http://lecmess.top/tmp 2019-06-12
URL http://losabetos.com.sv/eTaxInvoice_846634 2019-06-12
URL http://zonaykan.com/lsadat2 2019-06-12
URL http://160.202.162.147/1.tmp 2019-06-12
URL http://5.149.254.25/1.tmp 2019-06-12
URL http://canyoning-austria.at/dashost 2019-06-12
URL http://datdepot.net/nzt1 2019-06-12
URL http://kupitorta.net/lsadat1 2019-06-12
URL http://waiireme.com/20190706_983782.xls 2019-06-12
URL http://amenyan.zouri.jp/20190706_866384. 2019-06-12
URL http://172.104.117.15/02.dat 2019-06-12
URL http://116.203.180.29/01.dat 2019-06-12
URL http://tunnelview.co.uk/ES_2.exe 2019-06-12
URL http://waiireme.com/t3 2019-06-12