Eager Beaver: A Short Overview of the Restless Threat Actor TA505
WHITE TA505 AlienVault 2020-10-06 Modified: 2020-10-06
20 IOCs
MEDIUM VOLUME
TA505 is a very active, almost tireless threat actor that prepares one campaign after another from Monday to Friday. They target organizations across industries and government in many countries around the world, including Canada, Germany, South Korea, the UK, and the USA. They are a severe threat to a great number of organizations: on one side, they conduct Big Game Hunting operations, that is, encrypting large parts of a corporate network to extort high ransom payouts. On the other side, they likely work on initial access development and hand over network access to associated threat actors. In this blog post, I will summarize what I know about TA505 as of September 2020, leaving the past aside.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Get2, SDBot, Backdoor:Win32/SdBot, Trojan:Win32/Sdbot
Indicators of Compromise (5 / 20 total)