PULSE NAME
Eager Beaver: A Short Overview of the Restless Threat Actor TA505
WHITE TA505 AlienVault 2020-10-06 Modified: 2020-10-06
20 IOCs
MEDIUM VOLUME
TA505 is a very active – almost tireless – threat actor that prepares one campaign after another from Monday to Friday. They target organizations across industries and government in many countries around the world, including Canada, Germany, South Korea, the UK, and the USA. They are a severe threat to a great number of organizations: on one side, they conduct Big Game Hunting operations, that is, encrypting large parts of a corporate network to extort high ransom payouts. On the other side, they likely work on initial access development and hand over network access to associated threat actors. In this blog post, I will summarize what I know about TA505 as of September 2020, leaving the past aside.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Get2, SDBot, Backdoor:Win32/SdBot, Trojan:Win32/Sdbot
Indicators of Compromise (5 / 20 total)