← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Eager Beaver: A Short Overview of the Restless Threat Actor TA505
WHITE TA505 AlienVault 2020-10-06 Modified: 2020-10-06
20
IOCs
MEDIUM VOLUME
TA505 is a very active – almost tireless - threat actor that prepares one campaign after another from Monday to Friday. They target organizations across industries / government in many countries around the world including Canada, Germany, South Korea, the UK, and the USA. A severe threat to a great number of organizations: on one side, they conduct Big Game Hunting operations, that is encrypting large parts of a corporate network to extort high ransom payouts. On the other side, they likely work on initial access development and hand over network access to associated threat actors. In this blog post, I will summarize what I know about TA505 as of September 2020, leaving the past aside.
TA505G0092S0460Get2 DownloaderS0461SDBot
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Get2 SDBot Backdoor:Win32/SdBot Trojan:Win32/Sdbot
Indicators of Compromise (20)
All domain FileHash-SHA256 FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
domain news-389767-mshome.com 2020-10-06
domain news-37876-mshome.com 2020-10-06
FileHash-SHA256 b5b2249413d21165cebf03c86e08d9b1e711e4e8617196e9c6f124a1632958fe SHA256 of 7732577a4db34389a7cc93b08bdba714 2020-10-06
FileHash-SHA256 c12491aefbd5feb10182b68dad013565ded21cffb221f77dcf7d6fb538122b2e SHA256 of 2a343a9c588ab2478d64457873b12d54 2020-10-06
FileHash-SHA256 83ad319279941b4fb21ba7ba1a0558e0770ddc21521665757810ecb0222b8f5a SHA256 of 9cab3a1e56303949b7b54897d84c77fe 2020-10-06
FileHash-SHA256 498f5dac2641da10c56d45667fb8f23c1477f8772d32044a34f3938018c9f442 SHA256 of ac43b411b9bd455a8cde89face9ea9b9 2020-10-06
FileHash-SHA256 ac3db13e7b17b4724d503aac7b9f4d27a9dfa9d48b069aef32ee5e393c5a544e SHA256 of b27b040dec41bb9cb1df456a7949ee5b 2020-10-06
FileHash-MD5 bb0ae6a1edcdfe74efe5bf275deaf943 2020-10-06
FileHash-MD5 98d01979e1020baa9a8e6af2c14da0da 2020-10-06
FileHash-MD5 ac43b411b9bd455a8cde89face9ea9b9 2020-10-06
FileHash-MD5 b27b040dec41bb9cb1df456a7949ee5b 2020-10-06
FileHash-MD5 2a343a9c588ab2478d64457873b12d54 2020-10-06
FileHash-MD5 7732577a4db34389a7cc93b08bdba714 2020-10-06
FileHash-MD5 9cab3a1e56303949b7b54897d84c77fe 2020-10-06
FileHash-MD5 077f697d9c6eb89baf98ecdd479e9c02 2020-10-06
FileHash-SHA1 596f74b47eb167a321787ad35d1fd9ca361d2e26 SHA1 of b27b040dec41bb9cb1df456a7949ee5b 2020-10-06
FileHash-SHA1 c631bf9dd55e16be2ae502d6047b8424ba93d4b2 SHA1 of 7732577a4db34389a7cc93b08bdba714 2020-10-06
FileHash-SHA1 9e64c75bcab11797392059e2ed39c19463e9f3cb SHA1 of ac43b411b9bd455a8cde89face9ea9b9 2020-10-06
FileHash-SHA1 9008b7cdac794f4617051e8d76a8e4532130929e SHA1 of 2a343a9c588ab2478d64457873b12d54 2020-10-06
FileHash-SHA1 87ec7095c180be2fa1082bcba9cc16b05b49a580 SHA1 of 9cab3a1e56303949b7b54897d84c77fe 2020-10-06
References (1)
↗ https://www.telekom.com/en/blog/group/article/eager-beaver-a-short-overview-of-the-restless-threat-actor-ta505-609546